Http Digest authenticatio

Is http digest authentication supported by osb or soa suite.?
Thanks

I would open a support case to get clarification on whether DIGEST is supported. According to the WLS 8.1 book I found on google, it looks like it may have been supported in 8.1:
http://books.google.com/books?id=TiAKHpPHpHIC&pg=PA836&lpg=PA836&dq=WebLogic+Digest+Authentication&source=web&ots=ciJMQOXm2q&sig=oJGOs-J5snfFGt_hWSPi-FXyERQ&hl=en&sa=X&oi=book_result&resnum=10&ct=result
If that is the case, it is unlikely that they removed it, it just may not be documented well as it is very uncommon.

Similar Messages

OSB: HTTP digest authentication for WebServices

Hi,
How do I configure HTTP digest authentication for WebServices offered by the OSB (Proxy Services with WS as transport)?
Best regards
Dimo

Did you figure out how to do it.?

HTTP Digest Authentication in Weblogic Server ?

I understand that Weblogic Server 10.3.0.0 does not have declarative support for HTTP Digest Authentication. In that case, what are the alternatives to do HTTP Digest Authentication on the server ?
Edited by: user566628 on Sep 19, 2008 1:47 PM

I would open a support case to get clarification on whether DIGEST is supported. According to the WLS 8.1 book I found on google, it looks like it may have been supported in 8.1:
http://books.google.com/books?id=TiAKHpPHpHIC&pg=PA836&lpg=PA836&dq=WebLogic+Digest+Authentication&source=web&ots=ciJMQOXm2q&sig=oJGOs-J5snfFGt_hWSPi-FXyERQ&hl=en&sa=X&oi=book_result&resnum=10&ct=result
If that is the case, it is unlikely that they removed it, it just may not be documented well as it is very uncommon.

HTTP digest Authentication, using HttpURLConnection

Hi,
My requirement is simple, my stanalone applicaiton creates a XML request sends that to a web Application. Now to do this the Web application needs a HttpDigest Authentication. To do this wat we are doing is create a http url connection and get 401 response and then use that ot create the digest. to accomplish this the same urlConnection need to be used, else the new URL connection will send a new request. But in HttpUrlConnection there is a limitation that it can be used for only single request-response cycle.... can anybody suggest on this, wats the best practice to do HTTP digest authentication while communicating from a Stand alone application to a web application........................

I would open a support case to get clarification on whether DIGEST is supported. According to the WLS 8.1 book I found on google, it looks like it may have been supported in 8.1:
http://books.google.com/books?id=TiAKHpPHpHIC&pg=PA836&lpg=PA836&dq=WebLogic+Digest+Authentication&source=web&ots=ciJMQOXm2q&sig=oJGOs-J5snfFGt_hWSPi-FXyERQ&hl=en&sa=X&oi=book_result&resnum=10&ct=result
If that is the case, it is unlikely that they removed it, it just may not be documented well as it is very uncommon.

HTTP Digest Authentication

Hi,
To authenticate users I have to use digest authentication (RFC2617). However, it seems there is no support for this authentication in BEA webserver 8.1.
How can I best implement this? Any tips on where to find classes which I can reuse, I hope I do not have to develop this from scratch.
Thanks,
Steve

Steve, did this ever get solved? I have the same issue trying to use Mappoint.
Thanks.

Digest authentication in WL7.0

Hi,
Does anybody know if Weblogic Server 7.0 supports HTTP
digest authentication method ?
I created my own authenticator, but I want Weblogic to check
the authentication method (but not the username/password). When
I try to set a security constraint in my application's web.xml,
the server says:
weblogic.xml.dom.DOMProcessingException: DIGEST authentication method is not supported.
Regards, Geza

"Geza Szocs" <[email protected]> wrote in message
news:[email protected]..
>
Hi,
Does anybody know if Weblogic Server 7.0 supports HTTP
digest authentication method ?
Digest authentication is not supported in 7.0

Digest Authentication with OC4J standalone

Hi,
I am using oc4j 9.0.3 standalone web container . I used axis application as soap engine for deploying a web service in the oc4j . I want to implement HTTP digest authentication for my webservice.
I am forced to use the same verison of OC4J due to some reasons. Could anyone help me in knowing the procedure for the HTTP digest authentication implementation using oc4j903 asap.
Advance thanks for help

could anyone please reply to this thread asap

EJB Client using https (SSL) with Server 8.1.3/8.1.4

We have Swing client trying to use weblogic thin client to talk to weblogic server using https.
If we try to use thin client wlclient.jar with https
JAAS Authenticatio, lookups nothing works
If we try to use weblogic.jar from client we need to use license.bea in classpath.
How can we use thin client jar or equivalent without needing license.bea in client classpath?
We tried to create our own thin client but without license.bea it doesn't work.
Plesae give some suggestions or pointers. I have seen this raised many times but there is no conclusion on this topic.
Thanks

We have Swing client trying to use weblogic thin client to talk to weblogic server using https.
If we try to use thin client wlclient.jar with https
JAAS Authenticatio, lookups nothing works
If we try to use weblogic.jar from client we need to use license.bea in classpath.
How can we use thin client jar or equivalent without needing license.bea in client classpath?
We tried to create our own thin client but without license.bea it doesn't work.
Plesae give some suggestions or pointers. I have seen this raised many times but there is no conclusion on this topic.
Thanks

SPA112 - HTTP Authentication with Provisioning

Is it possible to provision a device with an HTTP server using HTTP Digest Authentication?
I've tried using the URL format of: http://username:[email protected]/spa.xml
But formatting it like that makes the SPA request the entire URL in a DNS query, which doesn't resolve properly.
Am I missing some username/password fields?
Thanks!

I found some of the information you were looking for.
To include the username and password when you resync the phone,
the details are located in the provisioning guide p 90 here
http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/csbpvga/ata/provisioning/guide/Provisioning.pdf
The word to search for is “digest authentication” We are talking about using the profile rule
Digest Authentication Support in Profile and Report Rule
Digest Authentication based on the username and password is defined as part of
profile rule and a report rule. The syntax is:
[--uid $SA]
[--pwd $SB]
In the following example, the phone uses this username and password when it is challenged by the server:
[--uid slee --pwd 1234] http://download.com/spacfg.xml
Dan

ADF security - prompt for user id and password again on page forward

Hi,
I am working with ADF using JDeveloper 10.1.3 with Business Components and ADF Faces.
I have a Search page and a List page.
Both pages are based on the same view within the same application module.
The Search page is using the default Find and Execute Operations.
The Execute button has an action that navigate to the List screen.
faces-config.xml
<navigation-rule>
<from-view-id>/jspx/search.jspx</from-view-id>
<navigation-case>
<from-outcome>search</from-outcome>
<to-view-id>/jspx/list.jspx</to-view-id>
<redirect/>
</navigation-case>
</navigation-rule>
<navigation-rule>
<from-view-id>/jspx/list.jspx</from-view-id>
<navigation-case>
<from-outcome>find</from-outcome>
<to-view-id>/jspx/search.jspx</to-view-id>
<redirect/>
</navigation-case>
</navigation-rule>
Security (Roles and Users) is based on the jazn-data.xml and web.xml
URL Patterns for the pages have assigned to the role.
Login Configuration is HTTP Digest Authentication
<web-resource-collection>
<web-resource-name>APP_SUPPORT</web-resource-name>
<url-pattern>faces/jspx/search.jspx</url-pattern>
<url-pattern>faces/jspx/list.jspx</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>APP_SUPPORT</role-name>
</auth-constraint>
<login-config>
<auth-method>DIGEST</auth-method>
</login-config>
Everything is fine when running the application from JDeveloper,
but when the application is deployed to the server (OC4J),
After logging into the system, the Search page prompt for user id and password again
on click of the Execute button.
Have anyone experience this problem before?
Thanks for any help.
Jim

Hi,
does the same thing happen if you change your protected resource from:
<web-resource-collection>
<web-resource-name>APP_SUPPORT</web-resource-name>
<url-pattern>faces/jspx/search.jspx</url-pattern>
<url-pattern>faces/jspx/list.jspx</url-pattern>
</web-resource-collection>to:
<web-resource-collection>
<web-resource-name>APP_SUPPORT</web-resource-name>
<url-pattern>/faces/jspx/*</url-pattern>
</web-resource-collection>Brenden

SVN problem in JDeveloper 11.1.1.2

Hello all. (SVN client TortoiseSVN 1.6.7, Build 18415 - 64 Bit )
I try to use SVN in JDev 11.1.1.2.
1. I place my project in trunk folder.
2. After that i create branch folder and try to switch to that branch but i get exception
switch svn://zovxp/Jdev/TKSG/tksg03-base-nsi/Branches/vvs/Trunk E:/JDeveloperProjects/tksg03-base-nsi -r HEAD --force
svn: authentication cancelled

Victor,
This looks similar to a problem I have experienced and Oracle has fixed as a bug in a future release. The issue I had apparently only happens when using HTTP BASIC authentication on the SVN server, and is supposed to not occur (although I haven't tested it) with HTTP Digest authentication. I've pinged my contact with Oracle to respond on this thread.
Best,
John

ZBF review and Issues on 871W

Hello, i am working with 871w and i am trying to switch form ip inspect to zone-based firewall. Below are the class-maps, policy-map, zone-pairs, zones, and ACLs. The issues i am having is that onces i depoly the ZBF, i can not get ip via DHCP. Please review and suggest any impovements or fixes needed?
class-map type inspect match-any Egress-Filter match access-group name egress-filter
class-map type inspect match-any Guest_Protocols match protocol http
match protocol https match protocol dns
class-map type inspect match-any Ingress-Filter match access-group name ingress-filter
class-map type inspect match-any All_Protocols match protocol tcp
match protocol udp match protocol icmp
class-map type inspect match-all DHCP-Allow match access-group name dhcp-allow
policy-map type inspect Self_to_Internet class type inspect Egress-Filter
inspect
class class-default
drop log
policy-map type inspect Internet_to_Self class type inspect Ingress-Filter
inspect
class class-default
drop log
policy-map type inspect Trusted_To_Self class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Guest_to_Internet class type inspect Guest_Protocols
inspect
class class-default
drop log
policy-map type inspect Internet_to_Guest class type inspect Ingress-Filter
inspect
class class-default
drop log
policy-map type inspect Trusted_to_Self class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Self_to_Trusted class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Trusted_to_Internet class type inspect All_Protocols
inspect
class class-default
drop log
policy-map type inspect Internet_to_Trusted class type inspect Ingress-Filter
inspect
class class-default
drop log
policy-map type inspect Guest_to_Self class type inspect All_Protocols inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Self_to_Guest
class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
zone-pair security Trusted->Internet source Trusted destination Internet service-policy type inspect Trusted_to_Internet
zone-pair security Guest->Internet source Guest destination Internet service-policy type inspect Guest_to_Internet
zone-pair security Internet->Trusted source Internet destination Trusted service-policy type inspect Internet_to_Trusted
zone-pair security Internet->Guest source Internet destination Guest service-policy type inspect Internet_to_Guest
zone-pair security Self->Internet source self destination Internet service-policy type inspect Self_to_Internet
zone-pair security Internet->Self source Internet destination self service-policy type inspect Internet_to_Self
zone-pair security Self->Trusted source self destination Trusted service-policy type inspect Self_to_Trusted
zone-pair security Trusted->Self source Trusted destination self service-policy type inspect Trusted_to_Self
zone-pair security Self->Guest source self destination Guest service-policy type inspect Self_to_Guest
zone-pair security Guest->Self source Guest destination self service-policy type inspect Guest_to_Self
zone security Trustedzone security Guestzone security Internet
ip access-list extended NAT deny   ip 192.168.16.0 0.0.0.63 192.168.16.64 0.0.0.15
permit ip any any
ip access-list extended dhcp-allow permit udp any eq bootps any
permit udp any any eq bootpc
permit udp any any eq bootps
permit udp any eq bootpc any
ip access-list extended egress-filter permit ip <REMOVED> 0.0.0.2 any
remark ----- Junk Traffic -----
deny   ip any host <REMOVED>
deny   ip any host <REMOVED>
deny   ip host <REMOVED> any
deny   ip host <REMOVED> any
remark ----- Bogons Filter -----
deny   ip 0.0.0.0 0.255.255.255 any
deny   ip 10.0.0.0 0.255.255.255 any
deny   ip 127.0.0.0 0.255.255.255 any
deny   ip 169.254.0.0 0.0.255.255 any
deny   ip 172.16.0.0 0.15.255.255 any
deny   ip 192.0.0.0 0.0.0.255 any
deny   ip 192.0.2.0 0.0.0.255 any
deny   ip 192.168.0.0 0.0.255.255 any
deny   ip 198.18.0.0 0.1.255.255 any
deny   ip 198.51.100.0 0.0.0.255 any
deny   ip 203.0.113.0 0.0.0.255 any
deny   ip 224.0.0.0 31.255.255.255 any
deny   ip any any
ip access-list extended ingress-filter remark ----- Allow access from work
permit ip <REMOVED> 0.0.0.127 any
permit ip <REMOVED 0.0.0.31 any
permit ip <REMOVED> 0.0.0.255 any
permit esp any host <REMOVED>
permit gre any host <REMOVED>
permit udp any host <REMOVED> eq isakmp
remark ----- To get IP form COX -----
permit udp any eq bootps any eq bootpc deny   icmp any any
deny   udp any any eq echo
deny   udp any eq echo any
deny   tcp any any fragments
deny   udp any any fragments
deny   ip any any fragments
deny   ip any any option any-options
deny   ip any any ttl lt 4
deny   ip any host <REMOVED>
deny   ip any host <REMOVED>
deny   udp any any range 33400 34400
remark ----- Bogons Filter -----
deny   ip 0.0.0.0 0.255.255.255 any
deny   ip 10.0.0.0 0.255.255.255 any
deny   ip 127.0.0.0 0.255.255.255 any
deny   ip 169.254.0.0 0.0.255.255 any
deny   ip 172.16.0.0 0.15.255.255 any
deny   ip 192.0.0.0 0.0.0.255 any
deny   ip 192.0.2.0 0.0.0.255 any
deny   ip 192.168.0.0 0.0.255.255 any
deny   ip 198.18.0.0 0.1.255.255 any
deny   ip 198.51.100.0 0.0.0.255 any
deny   ip 203.0.113.0 0.0.0.255 any
deny   ip 224.0.0.0 31.255.255.255 any
remark ----- Internal networks -----
deny   ip <REMOVED> 0.0.0.3 any
deny   ip any any

Running Config
! Last configuration change at 05:24:59 AZT Sun Feb 19 2012 by asucrews
! NVRAM config last updated at 05:25:57 AZT Sun Feb 19 2012 by asucrews
version 12.4
configuration mode exclusive auto expire 600
parser cache
no service log backtrace
no service config
no service exec-callback
service nagle
service slave-log
no service slave-coredump
no service pad to-xot
no service pad from-xot
no service pad cmns
no service pad
no service telnet-zeroidle
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
no service exec-wait
service linenumber
no service internal
no service scripting
no service compress-config
service prompt config
no service old-slip-prompts
service pt-vty-logging
no service disable-ip-fast-frag
service sequence-numbers
hostname rtwan
boot-start-marker
boot-end-marker
logging exception 4096
logging count
no logging message-counter log
no logging message-counter debug
logging message-counter syslog
no logging snmp-authfail
no logging userinfo
logging buginf
logging queue-limit 100
logging queue-limit esm 0
logging queue-limit trap 100
logging buffered 65536
no logging persistent
logging rate-limit 512 except critical
logging console guaranteed
logging console critical
logging monitor debugging
logging on
enable secret 5
enable password 7
aaa new-model
aaa group server radius rad_eap
server auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authorization exec default local
aaa accounting network acct_methods
action-type start-stop
group rad_acct
aaa session-id common
memory-size iomem 10
clock timezone AZT -7
clock save interval 8
errdisable detect cause all
errdisable recovery interval 300
dot11 syslog
dot11 activity-timeout unknown default 60
dot11 activity-timeout client default 60
dot11 activity-timeout repeater default 60
dot11 activity-timeout workgroup-bridge default 60
dot11 activity-timeout bridge default 60
dot11 ssid guestonpg
vlan 2
authentication open
authentication key-management wpa optional
guest-mode
wpa-psk ascii 7
dot11 ssid playground
vlan 1
authentication open
authentication key-management wpa optional
wpa-psk ascii 7
dot11 aaa csid default
no ip source-route
no ip gratuitous-arps
ip icmp redirect subnet
ip spd queue threshold minimum 73 maximum 74
ip options drop
ip dhcp bootp ignore
ip dhcp excluded-address 192.168.16.33 192.168.16.40
ip dhcp excluded-address 192.168.16.1 192.168.16.7
ip dhcp pool vlan1pool
   import all
   network 192.168.16.0 255.255.255.224
   default-router 192.168.16.1
   domain-name jeremycrews.home
   lease 4
ip dhcp pool vlan2pool
   import all
   network 192.168.16.32 255.255.255.224
   default-router 192.168.16.33
   domain-name guest.jeremycrews.home
   lease 0 6
ip cef
ip inspect name firewall tcp router-traffic
ip inspect name firewall udp router-traffic
ip inspect name firewall icmp router-traffic
no ip bootp server
no ip domain lookup
ip domain name jeremycrews.home
ip host rtwan.jeremycrews.home 192.168.16.1 192.168.16.33
ip host ap1.jeremycrews.home 192.168.16.2 192.168.16.34
ip host ap2.jeremycrews.home 192.168.16.3 192.168.16.35
ip host ap3.jeremycrews.home 192.168.16.4 192.168.16.36
ip host ooma.jeremycrews.home 192.168.16.5
ip host xbox.jeremycrews.home 192.168.16.6
ip host wii.jeremycrews.home 192.168.16.7
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip accounting-threshold 100
ip accounting-list 192.168.16.0 0.0.0.31
ip accounting-list 192.168.16.32 0.0.0.31
ip accounting-transits 25
ip igmp snooping vlan 1
ip igmp snooping vlan 1 mrouter learn pim-dvmrp
ip igmp snooping vlan 2
ip igmp snooping vlan 2 mrouter learn pim-dvmrp
ip igmp snooping
login block-for 120 attempts 5 within 60
login delay 5
login on-failure log
parameter-map type inspect log
audit-trail on
dot1x system-auth-control
memory free low-watermark processor 65536
memory free low-watermark IO 16384
file prompt alert
emm clear 1b5b324a1b5b303b30480d
vtp file flash:vlan.dat
vtp mode server
vtp version 1
username privilege 15 password 7
username privilege 15 password 7
no crypto isakmp diagnose error
archive
log config
no record rc
logging enable
no logging persistent reload
no logging persistent
logging size 255
notify syslog contenttype plaintext
no notify syslog contenttype xml
hidekeys
path tftp://192.168.16.12/rtwan-config
maximum 10
no rollback filter adaptive
rollback retry timeout 0
write-memory
time-period 10080
scripting tcl low-memory 28965007
scripting tcl trustpoint untrusted terminate
no scripting tcl secure-mode
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh break-string ~break
ip ssh logging events
ip ssh version 2
ip ssh dh min size 1024
class-map type inspect match-any Egress-Filter
match access-group name egress-filter
class-map type inspect match-any Guest_Protocols
match protocol http
match protocol https
match protocol dns
match protocol bootpc
match protocol bootps
class-map type inspect match-any Ingress-Filter
match access-group name ingress-filter
class-map type inspect match-any All_Protocols
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-all DHCP-Allow
match access-group name dhcp-allow
policy-map type inspect Self_to_Internet
class type inspect Egress-Filter
inspect
class class-default
drop log
policy-map type inspect Internet_to_Self
class type inspect Ingress-Filter
inspect
class class-default
drop log
policy-map type inspect Self_To_Self
class class-default
drop log
policy-map type inspect Trusted_To_Self
class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Guest_to_Internet
class type inspect Guest_Protocols
inspect
class class-default
drop log
policy-map type inspect Internet_to_Guest
class type inspect Ingress-Filter
inspect
class class-default
drop log
policy-map type inspect Trusted_to_Self
class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Self_to_Trusted
class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Trusted_to_Internet
class type inspect All_Protocols
inspect
class class-default
drop log
policy-map type inspect Internet_to_Trusted
class type inspect Ingress-Filter
inspect
class class-default
drop log
policy-map type inspect Guest_to_Self
class type inspect All_Protocols
inspect
class class-default
drop log
policy-map type inspect Self_to_Guest
class type inspect All_Protocols
inspect
class class-default
drop log
zone security Trusted
zone security Guest
zone security Internet
zone-pair security Trusted->Internet source Trusted destination Internet
service-policy type inspect Trusted_to_Internet
zone-pair security Guest->Internet source Guest destination Internet
service-policy type inspect Guest_to_Internet
zone-pair security Internet->Trusted source Internet destination Trusted
service-policy type inspect Internet_to_Trusted
zone-pair security Internet->Guest source Internet destination Guest
service-policy type inspect Internet_to_Guest
zone-pair security Self->Internet source self destination Internet
service-policy type inspect Self_to_Internet
zone-pair security Internet->Self source Internet destination self
service-policy type inspect Internet_to_Self
zone-pair security Self->Trusted source self destination Trusted
service-policy type inspect Self_to_Trusted
zone-pair security Trusted->Self source Trusted destination self
service-policy type inspect Trusted_to_Self
zone-pair security Self->Guest source self destination Guest
service-policy type inspect Self_to_Guest
zone-pair security Guest->Self source Guest destination self
service-policy type inspect Guest_to_Self
bridge irb
interface Loopback0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
snmp trap link-status
interface Null0
no ip unreachables
interface FastEthernet0
description To switch
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
switchport mode trunk
switchport voice vlan none
switchport priority extend none
switchport priority default 0
snmp trap link-status
ip igmp snooping tcn flood
interface FastEthernet1
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
switchport mode trunk
switchport voice vlan none
switchport priority extend none
switchport priority default 0
shutdown
snmp trap link-status
spanning-tree portfast
ip igmp snooping tcn flood
interface FastEthernet2
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
switchport mode access
switchport voice vlan none
switchport priority extend none
switchport priority default 0
shutdown
snmp trap link-status
spanning-tree portfast
ip igmp snooping tcn flood
interface FastEthernet3
description Ooma Hub 192.168.16.5
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
switchport mode access
switchport voice vlan none
switchport priority extend none
switchport priority default 0
shutdown
snmp trap link-status
spanning-tree portfast
ip igmp snooping tcn flood
interface FastEthernet4
description Cox Internet Connection
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip flow ingress
ip flow egress
ip nat outside
no ip virtual-reassembly
duplex auto
speed auto
snmp trap link-status
no cdp enable
zone-member security Internet
interface Dot11Radio0
description Radio b/g
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
beacon period 100
beacon dtim-period 2
dot11 extension aironet
encryption vlan 1 mode ciphers aes-ccm tkip wep128
encryption vlan 2 mode ciphers aes-ccm tkip wep128
broadcast-key vlan 1 change 3600 membership-termination
broadcast-key vlan 2 change 3600 membership-termination
ssid guestonpg
ssid playground
countermeasure tkip hold-time 60
short-slot-time
speed ofdm join
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
packet retries 64
preamble-short
channel least-congested
fragment-threshold 2346
station-role root
rts threshold 2312
rts retries 64
antenna receive diversity
antenna transmit diversity
payload-encapsulation rfc1042
snmp trap link-status
interface Dot11Radio0.1
description Home WLAN
encapsulation dot1Q 1 native
no ip redirects
no ip unreachables
no ip proxy-arp
no snmp trap link-status
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.2
description Guest WLAN
encapsulation dot1Q 2
no ip redirects
no ip unreachables
no ip proxy-arp
no snmp trap link-status
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
interface Vlan1
description Home LAN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no ip virtual-reassembly
autostate
snmp trap link-status
bridge-group 1
bridge-group 1 spanning-disabled
interface Vlan2
description Guest LAN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no ip virtual-reassembly
autostate
snmp trap link-status
bridge-group 2
bridge-group 2 spanning-disabled
interface BVI1
description Home Bridge LAN to WLAN
ip address 192.168.16.1 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no ip virtual-reassembly
snmp trap link-status
zone-member security Trusted
interface BVI2
description Guest Bridge LAN to WLAN
ip address 192.168.16.33 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no ip virtual-reassembly
snmp trap link-status
zone-member security Guest
ip classless
ip forward-protocol nd
no ip http server
ip http port 80
ip http authentication enable
no ip http secure-server
ip http secure-port 443
ip http secure-active-session-modules all
ip http max-connections 5
ip http timeout-policy idle 180 life 180 requests 1
ip http active-session-modules all
ip http digest algorithm md5
ip http client cache memory pool 100
ip http client cache memory file 2
ip http client cache ager interval 5
ip http client connection timeout 10
ip http client connection retry 1
ip http client connection idle timeout 30
ip http client response timeout 30
ip http path
ip flow-top-talkers
top 10
sort-by bytes
ip nat inside source static tcp 192.168.16.6 53 interface FastEthernet4 53
ip nat inside source static tcp 192.168.16.6 3074 interface FastEthernet4 3074
ip nat inside source static udp 192.168.16.6 3074 interface FastEthernet4 3074
ip nat inside source static tcp 192.168.16.6 80 interface FastEthernet4 80
ip nat inside source static udp 192.168.16.6 88 interface FastEthernet4 88
ip nat inside source static udp 192.168.16.6 53 interface FastEthernet4 53
ip nat inside source list NAT interface FastEthernet4 overload
ip access-list extended NAT
deny   ip 192.168.16.0 0.0.0.63 192.168.16.64 0.0.0.15
permit ip any any
ip access-list extended dhcp-allow
permit udp any eq bootps any
permit udp any any eq bootpc
permit udp any any eq bootps
permit udp any eq bootpc any
ip access-list extended egress-filter
permit ip 0.0.0.2 any
remark ----- Junk Traffic -----
deny   ip any host
deny   ip any host
deny   ip host any
deny   ip host any
remark ----- Bogons Filter -----
deny   ip 0.0.0.0 0.255.255.255 any
deny   ip 10.0.0.0 0.255.255.255 any
deny   ip 127.0.0.0 0.255.255.255 any
deny   ip 169.254.0.0 0.0.255.255 any
deny   ip 172.16.0.0 0.15.255.255 any
deny   ip 192.0.0.0 0.0.0.255 any
deny   ip 192.0.2.0 0.0.0.255 any
deny   ip 192.168.0.0 0.0.255.255 any
deny   ip 198.18.0.0 0.1.255.255 any
deny   ip 198.51.100.0 0.0.0.255 any
deny   ip 203.0.113.0 0.0.0.255 any
deny   ip 224.0.0.0 31.255.255.255 any
deny   ip any any
ip access-list extended ingress-filter
remark ----- Allow access from work
permit ip 0.0.0.127 any
permit ip 0.0.0.31 any
permit ip 0.0.0.255 any
permit esp any host
permit gre any host
permit udp any host eq isakmp
remark ----- To get IP form COX -----
permit udp any eq bootps any eq bootpc
deny   icmp any any
deny   udp any any eq echo
deny   udp any eq echo any
deny   tcp any any fragments
deny   udp any any fragments
deny   ip any any fragments
deny   ip any any option any-options
deny   ip any any ttl lt 4
deny   ip any host
deny   ip any host
deny   udp any any range 33400 34400
remark ----- Bogons Filter -----
deny   ip 0.0.0.0 0.255.255.255 any
deny   ip 10.0.0.0 0.255.255.255 any
deny   ip 127.0.0.0 0.255.255.255 any
deny   ip 169.254.0.0 0.0.255.255 any
deny   ip 172.16.0.0 0.15.255.255 any
deny   ip 192.0.0.0 0.0.0.255 any
deny   ip 192.0.2.0 0.0.0.255 any
deny   ip 192.168.0.0 0.0.255.255 any
deny   ip 198.18.0.0 0.1.255.255 any
deny   ip 198.51.100.0 0.0.0.255 any
deny   ip 203.0.113.0 0.0.0.255 any
deny   ip 224.0.0.0 31.255.255.255 any
remark ----- Internal networks -----
deny   ip 0.0.0.2 any
deny   ip any any
no ip sla logging traps
ip sla 1
icmp-echo 8.8.4.4 source-interface FastEthernet4
frequency 120
history hours-of-statistics-kept 1
history filter failures
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 8.8.8.8 source-interface FastEthernet4
frequency 30
history hours-of-statistics-kept 1
history filter failures
ip sla reaction-configuration 1 react connectionLoss threshold-type consecutive 5 action-type trapAndTrigger
ip sla reaction-trigger 1 2
logging history size 1
logging history warnings
logging trap informational
logging delimiter tcp
logging facility local7
no logging source-interface
access-list 1 permit 192.168.16.0 0.0.0.63
access-list 20 permit 127.127.1.1
access-list 20 permit 192.43.244.18
access-list 20 permit 204.235.61.9
access-list 20 permit 173.201.38.85
access-list 20 permit 216.229.4.69
access-list 20 permit 152.2.21.1
access-list 20 permit 130.126.24.24
access-list 21 permit 192.168.16.0 0.0.0.63
access-list 22 permit 192.168.16.0 0.0.0.63
mac-address-table aging-time 300
cdp run
snmp-server engineID local
snmp-server view *ilmi system included
snmp-server view *ilmi atmForumUni included
snmp-server view v1default iso included
snmp-server view v1default internet.6.3.15 excluded
snmp-server view v1default internet.6.3.16 excluded
snmp-server view v1default internet.6.3.18 excluded
snmp-server view v1default ciscoMgmt.394 excluded
snmp-server view v1default ciscoMgmt.395 excluded
snmp-server view v1default ciscoMgmt.399 excluded
snmp-server view v1default ciscoMgmt.400 excluded
snmp-server view *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF7F ieee802dot11 included
snmp-server view *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF7F internet included
snmp-server community 1682CrewsSNMP v1default RW 22
snmp-server priority normal
no snmp-server trap link ietf
snmp-server trap authentication vrf
snmp-server trap authentication acl-failure
snmp-server trap authentication unknown-content
snmp-server packetsize 1500
snmp-server queue-limit notification-host 10
snmp-server chassis-id FHK111016LX
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps tty
snmp-server enable traps pw vc
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps adslline
snmp-server enable traps flash insertion removal
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps cpu threshold
snmp-server enable traps syslog
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps firewall serverstatus
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps ipsla
snmp-server host 192.168.16.10 traps version 1 udp-port 162
snmp-server inform retries 3 timeout 15 pending 25
snmp mib nhrp
snmp mib notification-log globalsize 500
snmp mib notification-log globalageout 15
snmp mib community-map ILMI engineid
snmp mib community-map engineid
radius-server local
no authentication mac
eapfast authority id
eapfast authority info
eapfast server-key primary 7
eapfast server-key secondary 7
nas key 7
group users
vlan 1
ssid playground
block count 5 time 60
reauthentication time 3600
group guest
vlan 2
ssid guestonpg
block count 3 time 60
reauthentication time 3600
user nthash 7 group users
user nthash 7 group guest
radius-server attribute 32 include-in-access-req format %h
radius-server host auth-port 1645 acct-port 1646 key 7
radius-server vsa send accounting
control-plane
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
bridge 3 protocol ieee
bridge 3 route ip
alias exec h help
alias exec lo logout
alias exec p ping
alias exec r resume
alias exec s show
alias exec u undebug
alias exec un undebug
alias exec w where
default-value exec-character-bits 7
default-value special-character-bits 7
default-value data-character-bits 8
line con 0
password 7
logging synchronous
no modem enable
transport output ssh
line aux 0
password 7
logging synchronous
transport output ssh
line vty 0 4
password 7
logging synchronous
transport preferred ssh
transport input all
transport output ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
process cpu threshold type total rising 80 interval 10 falling 40 interval 10
ntp authentication-key 1 md5 7
ntp authenticate
ntp trusted-key 1
ntp source FastEthernet4
ntp access-group peer 20
ntp access-group serve-only 21
ntp master 1
ntp server 152.2.21.1 maxpoll 4
ntp server 204.235.61.9 maxpoll 4
ntp server 130.126.24.24
ntp server 216.229.4.69 maxpoll 4
ntp server 173.201.38.85 maxpoll 4
cns id hostname
cns id hostname event
cns id hostname image
cns image retry 60
netconf max-sessions 4
netconf lock-time 10
netconf max-message 0
event manager scheduler script thread class default number 1
event manager scheduler applet thread class default number 32
event manager history size events 10
event manager history size traps 10
end

Context SECURITY_AUTHENTICATION=EXTERNAL

Hello
I have an AD/AM ldap (microsoft application mode ldap). I want to authenticate my users in the AD (active directory).
to do:
DirContext theExternalDirContext = null;
Hashtable theExternal = new Hashtable();
theExternal.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
theExternal.put(Context.SECURITY_AUTHENTICATION,"EXTERNAL");
theExternal.put(Context.SECURITY_PRINCIPAL,"AD domain\\user");
theExternal.put(Context.SECURITY_CREDENTIALS,"password");
theExternal.put(Context.PROVIDER_URL,"ldap://url AD/AM");
theExternalDirContext = new InitialDirContext(theExternal);
When I execute this java:
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 7 - 00002027: LdapErr: DSID-0C09049C, comment: Inval
id Authentication method, data 0, vece ]
Any help would be much appreciated
Thanks

Unfortunately ADAM does not support SSL client certitifcates as a credential mechanism. And it doesn't appear to be well documented :-(
ADAM only supports simple, http digest & SASL authentication mechanisms.
To authenticate user's connecting to ADAM with credentials stored in AD, you can either use simple authentication (via a user proxy object), or SASL.
Note that with the former, I recomend that you configure ADAM to use SSL, to protect the simple bind, as it is sent in the clear and with the latter, the server hosting the ADAM instance must be a member of the Active Directory domain.
Bind redirection is described at http://technet2.microsoft.com/WindowsServer/f/?en/library/2a678533-a3c9-4758-ab8f-c52477fc5c001033.mspx and Windows authentication is described at http://technet2.microsoft.com/WindowsServer/f/?en/library/2a678533-a3c9-4758-ab8f-c52477fc5c001033.mspx

SIP Authentication for Jabber clients

What protocol does the Jabber client use for SIP authentication? I assume it's using HTTP digest based authentication per the SIP standard. Is this true?

SIP authentication typically occurs over port 5060 (TCP, UDP, SCTP) or securely over 5061 (TLS) as per RFC3261 regarding SIP as a transport.
Cisco follows these same standards and refers to the ports used for SIP communication in the Jabber Video Admin Guide.
http://www.cisco.com/en/US/docs/telepresence/endpoint/movi/admin_guide/JabberVideo_Admin_Guide_4-4.pdf
- Scott

Two SPA 3102 connection problem

Hi All!
I have 2 3102 (2 location: my location, other location). I'd like to call the other location's 3102 wtith my 3102 through the internet:
Caller: my spa's line1 fxs port
Called: other spa's pstn line's fxo port
All the 2 locations: the 3102's behind a nat (fli4l linux router). I use dyndns service on all the 2 locations.
Other settings (either 3102):
- 5060-5063 tcp+udp ports forwarded tho the spa's lan ip
- 16384-16482 tcp+udp ports forwarded tho the spa's lan ip
- NAT Mapping Enable:YES
CALLED SPA's PSTN:
- SIP Port:5061
- Register:NO
- User ID:any
- Dial Plan 1:xx.
- VoIP Caller Auth Method:none
I think this setting is correct
CALLER SPA's LINE1:
DIALPLAN:
(xx.:@other.spas.dynipname:5061)
I don't know what is the problem
I tried all the SIP tab's 'NAT Support Parameters'. No result
Please help me!
Thanks!

calibra wrote:
CALLER SPA's LINE1:
DIALPLAN:
(xx.:@other.spas.dynipname:5061)
If you have a userid on the distant spa (you show "any" ) then you need to include the userid in the address. If you have no user id then you don't need to include it. You can have the address in the dial plan or you can set it up in a Speed Dial. For a dial plan you would have something like this:
(S0<:any@dynipname :5061> )
For a speed dial you would have something like this
any@dynipname :5061
without the extra spaces which are here because of the forum syntax. If you put the speed dial in number 2 then you would dial it by 2#. In this case, your basic dial plan needs to allow single digit dialing.
You could also consider using HTTP digest authentication. The benefit would be that you can dial the distant pstn number directly on the calling spa when you make the call. You don't have to worry about dtmf digit transmission over the internet, the called number goes out in a sip invite.
To use HTTP digest authentication you setup the distant spa with that type of authentication. On the distant spa, under VoIP Users and Passwords (HTTP Authentication) you setup an AuthID, Password, and Dial plan. On the Calling SPA you put the distant spa dynipname : port as the proxy, the AuthID and Password (that you setup on the distant SPA) as the userid and password. Of course, you setup Register NO, Make and Receive calls without reg YES on both spas. In this http digest authentication setup your dial plan in the calling and the receiving spas would be (xx.).
You can only use the HTTP digest authentication if you are not using the calling spa for other calling purposes that would conflict with the proxy setting.

Http Digest authenticatio

Similar Messages

Maybe you are looking for