Is security-principal-map necessary
To use container-managed security, is the deprecated security-principal-map required
in the weblogic-ra.xml? The fact that
it's deprecated makes me think there must be an alternate
mechanism, but I can find none, and
http://edocs.beasys.com/wls/docs70/jconnector/security.html#1232806
states "To use container-managed sign-on ... WebLogic Server looks for a Security
Principal Mapping specified with the security-principal-map element in the weblogic-ra.xml"
On the other hand, if I don't have it in my weblogic-ra.xml everything seems to
work fine, except the log reports:
<Unable to determine Resource Principal for Container Managed
# Security Context>
We support access of RAs only from webapp/ejb.
prasen
Shreesh Ponkshe wrote:
>
> I have developed an RA and have deployed successfully on WLS6.0. However, I am
> having problems invoking it from remote clients. I need to set it's security such
> that any client be able to use the resource. I understand it is somethign to do
> with the <security-principal-map> in weblogic-ra.xml. Can anyone tell me HOW?
>
> One more important(?) detail : My RA does not implement the security contract
> . I assume it is OK 'coz it is an optional contract.
>
> Regards,
> Shreesh.
Similar Messages
-
Wrong security Principal in ADF BC deployed as EJB SessionBean
Hi everybody,
We have an ADF Web application using ADF Faces and ADF BC. Due to security reasons we need to execute the ADF Faces layer and the ADF BC layer at separate machines (in separate security zones), so we tried to deploy and access ADF BC as EJB Session Beans (i.e. to use "remote" Business Components). We used the necessary JDeveloper wizards to make it, we did have problems to achieve it on JDev 11.1.1.2 and JDev 11.1.1.3 (due to runtime java.lang.ClassCastException: oracle.adf.model.servlet.HttpSessionContextImpl cannot be cast to oracle.jbo.SessionContext, which probably is a bug), but eventually we succeded on JDev 11.1.1.4.
Unfortuanetly we encountered a problem - in the remote ApplicationModuleImpl (at "ADF BC" tier, where the EJBs were deployed) <tt>ADFContext.getCurrent().getSecurityContext().getUserName()</tt> does not return the username of the currently authenticated user (e.g. the session user in the presentation tier), but it returns the username of the user who has been current when this particular AM instance has been created (e.g. next time when this AM instance is reused by another user the method does not return his username but the username of the AM instance's creator). Note, that our EJBs are configured by default with <tt><use-caller-identity/></tt> and we have established Global Trust between the WLS domains, so the current authenticated Subject from the client tier should be propagated to the remote EJB (in order to execute the EJB in the security context of the client application).
We rely on the username in ApplicationModuleImpl.prepareSession() to setup a security context in the database session, so it is crucial for us to get the correct username. The method <tt>ApplicationModuleImpl.getUserPrincipalName()</tt> returns the proper username, but not always, because of a well-known bug appearing since JDev 11.1.1.2, so we could not use this method either.
My questions are:
(1) Has anybody encountered such a problem?
(2) What should happen in such a configuration, e.g. how and when the "remote" ADF SecurityContext is (re)loaded in such an environment?
(3) How could we resolve the problem?
Our environment is JDeveloper 11.1.1.4 + WebLogic Server 10.3.4.
Thanks,
Dimitar
Edited by: Dimitar Dimitrov on Feb 4, 2011 6:53 PMHi codeplay,
The forum has excluded this thread from my watch list when I have marked the thread as answered and I have missed your questions, so I appologize to you. Now I am answering your questions despite it may be too late for you.
Q: I am very interested to know that besides this wrong security principal issue, what else problems do you encounter for BC-as-EJB deployment?1) The EAR file that is generated for the remote ADF BC (i.e. for the ADF BC deployment at the remote server) puts the EJB JARs in <tt>lib</tt> folder within the generated EAR instead of <tt>APP-INF/lib</tt> (which is part of the CLASSPATH in WebLogic by default). As a result we were receiving ClassNotFound exceptions. The problem is solved by specifying <tt>APP-INF/lib</tt> as a target for the "Application Libraries" file group in the corresponding EAR deployment descriptor;
2) We were receiving "Exhausted ResultSet" or "ResultSet is already closed" exceptions (I cannot remember well which ones, please excuse me, it was some time ago). We solved this problem by setting <tt>jbo.ejb.txntype=global</tt> in AM's configuration (i.e. we instructed the framework to use global (e.g. JTA) transactions instead of local ones). However, this setting caused another problem - after COMMIT/ROLLBACK the framework did not start a new global transaction immediately. We solved this problem by implementing <tt>afterCommit()</tt> and <tt>afterRollback()</tt> methods to our ApplicationModuleImpl class where we started a new JTA transaction explicitly.
Q: For EO attributes that are configured as "Track Change History" (created/updated by), will the correct values be stored? Assume we couldn't get correct user name from remote BC, what else features do we lose? (eg, protect EO attributes using ADF security?)As far as I know history attributes rely on the method <tt>ApplicationModule.getUserPrincipalName()</tt>. This method is considered as a deprecated, but in fact the history attributes rely on it instead of the <tt>ADFContext.getCurrent().getSecurityContext().getUserPrincipal().getName()</tt>. The method getUserPrincipalName() returns a wrong result only during the 1st chekout after AM's establishment in the AM pool. Then it works correctly even if recycling the AM instance in another user session. In fact this method was the most reliable "username" source (but not reliable during the initial checkout).
Q: My understanding is that you will go for this kind of deployment in your project regardless of all known issues, is it?A: No, we abandoned this kind of deployment because of all these problems and because we realized that Oracle's support for this feature is very poor and Oracle did not confirm commitment to this feature in the future.
Lastly, did you ever try to reproduce this issue in jdev 11.1.2?A: No, we have not tried JDev 11.1.2 because it was not existing at the time when were doing our trial and because our application was going to be a WebCenter application. JDev 11.1.2 does not have WebCenter extension yet.
Dimitar -
Security Principal propagation from Web Server to App Server
How would I propagate a customer Principal from weblogic Web Server
to a Weblogic App Server?
For e.g this is what I want to do.
1. User logs in via a login page with UserId and password.
2. After a user is authenticated successfully, I want to fetch
some user credentials like groups he belongs to, his status etc.
basically his profile info (stored in oracle db). I want to store
this as part of a security principal object. How do I let the weblogic
web server know about this principal?
3. I want the Weblogic Servlet container to recognize this principal
and whenever any servlet calls a ejb, the web server should send
this custom principal to the weblogic app server so that the ejb
container can identify it.
4. In the ejb, I should be able to do sessionContext.getPrincipal()
that will return my custom principal object, which would give the
ejb access to the credentials of the logged on user.
Has anyone done this? This is urgent. Can anyone pls shed some
light on this.Hi,
Basically you need to install the loadbalancer plugin on the web server and then configure the loadbalancer.xml in the config folder. You need to turn the httpsrouting to true. Then all will work fine for HTTPS and HTTPS
for HTTPS on web server and HTTP on app server, you need to turn the httpsrouting to false.
Regards,
Abrar -
Hi,
I am trying to add acl to the node dynamically.
For a path "/content/dam/abc" folder I want to add read and write access to "testusers" group through the api.
For this I am trying to create principal and privilages objects.
I am using below code for getting Principal Manager. At compile time in maven it is compiling but the bundle is not getting activated once you install bundle in CQ.
PrincipalManager pm = AccessControlUtil.getPrincipalManager(session);
org.apache.jackrabbit.api.security.principal,version=[1.5,2) -- Cannot be resolved
above error is coming in the bundle imports.
-MaruthiHi,
I am trying to add acl to the node dynamically.
For a path "/content/dam/abc" folder I want to add read and write access to "testusers" group through the api.
For this I am trying to create principal and privilages objects.
I am using below code for getting Principal Manager. At compile time in maven it is compiling but the bundle is not getting activated once you install bundle in CQ.
PrincipalManager pm = AccessControlUtil.getPrincipalManager(session);
org.apache.jackrabbit.api.security.principal,version=[1.5,2) -- Cannot be resolved
above error is coming in the bundle imports.
-Maruthi -
Hello world,
To anybody who receives this irritating error in a Java client
application attempting to access Weblogic Server 6.1 (and possibly
weblogic server 6):
javax.naming.AuthenticationException. Root exception is
java.lang.SecurityException: attempting to add an object which is not
an instance of java.security.Principal to a Subject's Principal Set
The cause of your problem is having JAAS explicitly in your classpath.
It somehow messes up authentication to WebLogic. Remove it and your
problem will disappear.
The complete exception was:
javax.naming.AuthenticationException. Root exception is
java.lang.SecurityException: attempting to add an object which is not
an instance of java.security.Principal to a Subject's Principal Set
at javax.security.auth.Subject$SecureSet.add(Subject.java:1098)
at weblogic.common.internal.BootServicesStub.writeUserInfoToSubject(BootServicesStub.java:72)
at weblogic.common.internal.BootServicesStub.authenticate(BootServicesStub.java:80)
at weblogic.security.acl.internal.Security.authenticate(Security.java:108)
at weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:509)
at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:364)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:336)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:208)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:149)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:668)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:246)
at javax.naming.InitialContext.init(InitialContext.java:222)
at javax.naming.InitialContext.<init>(InitialContext.java:198)
at au.com.orrcon.orrconcentral.Application.<init>(Application.java:87)
at au.com.orrcon.orrconcentral.Application.getApp(Application.java:52)
at au.com.orrcon.orrconcentral.orrconCentral.<init>(orrconCentral.java:130)
at au.com.orrcon.orrconcentral.orrconCentral.main(orrconCentral.java:219)Steve Wesemeyer <[email protected]> wrote:
I have encountered the same problem and I do not have JAAS on my classpath
at all (unless it's there by default). Are there any other possible
causes for this?
Cheers,
SteveA note to all who read this thread:
I also had to remove Sun's j2ee (version 1.2) from my client's classpath before
the same problem went away. 1 programmer day down the drain....
Regards,
MG -
jaas sample progrma in weblogic 6.1 giving the following error java.lang.SecurityException:
attempting to add an object which is not an instance of java.security.Principal
to a Subjec
on runnig the program during the call of method Authenticate.authenticate(env,
subject); giving following exceptions Error: Login Exception on authenticate,
java.lang.SecurityException: attempting to add an object which is not an instance
of java.security.Principal to a Subjec t's Principal Set Authentication Failed:
Unexpected Exception, javax.security.auth.login.LoginExce ption: java.lang.SecurityException:
attempting to add an object which is not an instance of java.security.Principal
to a Subject's Principal Set javax.security.auth.login.LoginException: javax.security.auth.login.LoginExcepti
on: java.lang.SecurityException: attempting to add an object which is not an ins
tance of java.security.Principal to a Subject's Principal Set at examples.security.jaas.SampleLoginModule.login(SampleLoginModule.java
:192) at java.lang.reflect.Method.invoke(Native Method) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:595)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1 25) at
javax.security.auth.login.LoginContext$3.run(LoginContext.java:531) at java.security.AccessController.doPrivileged(Native
Method) at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java
:528) at javax.security.auth.login.LoginContext.login(LoginContext.java:449) at
examples.security.jaas.SampleClient.main(SampleClient.java:96)
1)what is the reason for this problem
2)in weblogic document they told to edit server.policy file in webligic\lib folder
a)what the modification is needed in this file..?Hi jerry
i already got that problem solved by removing jaas.jar file
from class path.
i don'nt how it is working with out in classpath...?
Jerry <[email protected]> wrote:
Hi Nivas,
I think that the problem you are seeing has something to do with the
placement of jaas.jar in your classpath
On WebLogic server, put jaas.jar in the classpath after weblogic.jar.
I would bet that you have it placed before weblogic.jar right now.
I don't think the exception that you're seeing right now has anything
to do with your weblogic.policy file right now, so I think it is
safe to not worry about it right now.
Hope this helps,
Joe Jerry -
Problem with Security Role mapping and LDAP
Hi,
In Oracle Internet Directory I've created a group called OIDGroup1.OIdGroup1 has 2 users : OIDuser1 and OIDuser2.
OIDGroup1 is mapped to EjbRole1 (is a security role defined in ejb-jar.xml, EjbRole1 can do everything in the application).Now if I login as OIDuser1 or OIDuser2, application said that the user does not
have authorization to execute some method. The mapping in my orion-application.xml is :
<security-role-mapping name="EjbRole1">
<group name="admin/OIDGroup1"/>
</security-role-mapping>
<jazn provider="LDAP" location="ldap://myhost:4032"><jazn-web-app auth-method="SSO"/></jazn>
if I modified orion-application.xml like this :
<security-role-mapping name="EjbRole1">
<group name="admin/OIDGroup1"/>
<user name="admin/OIDuser1"/>
</security-role-mapping>
then login as OIDuser1, it works. But it does not work with OIDuser2.
That's is a problem for me because our customer can not manage the user/group
easily : each time they have a a new user, instead of simply adding this user
in the OIDGroup1 (with graphic interface of OIDAS), they have to modify
orion-application.xml.
Do you have any idea ?
Thanks in advance
regardsI found the bug : in LDAP I've got a user also called OIDGroup1 (the same as group's name).
-
Serialize java.security.Principal
The problem is:
I'am using IBM WebSphere Portal 5.1
I can get current user
request.getUser();So I get instance of such class:
package com.ibm.wps.puma;
public class User extends com.ibm.wps.puma.Principal
implements Serializable, Principal, org.apache.jetspeed.portlet.User, com.ibm.portal.puma.User{
}As you can see, I can access this object through interface java.security.Principal
Also, this object can be serialized. That's great.
I have a web-service.
It needs java.security.Principal from User
So I've tried to add parameter com.ibm.wps.puma.User to the method of web-service interface.
I thought I can send class via SOAP to web-service and then access it through java.security.Principal on the server-side of web-service.
User is stored in bean:
public class WSPrincipalBean {
private String userName;
private String password;
private User user;
public WSPrincipalBean(){
public Principal getPrincipal() {
return (Principal)user;
public void setUser(User user) {
this.user = user;
}When I generate web-service I get several warnings: some fields of User user cna't be serialized. But I don't need actually this fields.
When I generate client based on my web-service wsdl I loose field User user.
Web-service and web-service clint use JAX-RPC 1.0 / 1.1 and WebSphere Application Server 5.1
Please, can you suggest me any solution?
Is there any way to make full serialization of java.security.Principal?Rachman wrote:
What is serializable..?
How to use Serializable..?
I'm not understanding about this.. please help me...
Thanks for all...See simple example:
[http://www.idevelopment.info/data/Programming/java/serialization/SimpleSerialization.java|http://www.idevelopment.info/data/Programming/java/serialization/SimpleSerialization.java]
Read Sun FAQ
[http://java.sun.com/javase/technologies/core/basic/serializationFAQ.jsp|http://java.sun.com/javase/technologies/core/basic/serializationFAQ.jsp]
In common serialization allows you to store instances of classes (I mean any objects) in files.
Then you can restore them and use in your program.
You can specify fields which will be stored in file +(serialization)+ and which you don't want to store. So, after restoring +(deserialization)+ such fields will get default values.
You need serialization when you are developing some network application. I am developing interaction between portlet app and web-service.
I need serialize some objects to transfer them to web-service. I just transfer some kind of text +(xml data)+ to web-service. Web-service accepts xml-data, read it, deserialize it and get objects.
So you don't pay attention to network stuff. You have to pay attention to serialization of your objects. If object you want to send to web-service doesn'r have proper serialization it can be corrupted and you can loss data.
Of course there are plenty other situations when you need serialization. -
ISE Security Group Mapping download to ASA
We are implementing Security Tags with an ASA and ISE. We have generated the PAC and imported it into the ASA and they in sync. The Security Groups are present in the ASA, but the IP to Security Group Mapping that was manually placed in ISE aren't downloaded. We have configured the WLC as a speaker and these mappings are dynamically updated on the ASA. Does the ASA need to additional configuration, ie does ISE need to be configured as a peer for the static mappings to be downloaded?
Please advise,
JoeUpdate:
I am testing with a username and enable password to see if this makes a difference. It appears it now tries to deploy and says it is Updated but I don't see anything in the ASA. All the ISE Diagnostic tests result in an invalid enable password. I am logging into the ASA with the same creds without issue. I have attempted several times with a copy and paste but it won't validate.
Any suggestions?
Thanks,
Joe -
SAML - USer Principal mapped on a SAML attribute - How to do ???
Dear security experts,
I have configured on my weblogic platform a Sender vouches SAML profile.
I am trying to map the UserPrincipal (the one I get from the webServiceContext in my web service) to a SAML attribute (different from the SAML subject).
I have written a class that implement the interfaces SAMLIdentityAssertionNameMapper and SAMLIdentityAssertionAttributeMapper .
Here is an overview of the simplified implementation :
public String mapNameInfo(SAMLNameMapperInfo info, ContextHandler handler) {
return "user2";
public void mapAttributeInfo(Collection<SAMLAttributeStatementInfo> attribStmts, ContextHandler contextHandler) {
Set<Principal> principals = new HashSet<Principal>();
principals.add(PrincipalFactory.getInstance().createWLSUser("user1"););
((SecurityTokenContextHandler)contextHandler).addContextElement(ContextElementDictionary.SAML_ATTRIBUTE_PRINCIPALS, principals);
After weblogic has loaded my SAML assertion, I can see in the log that my uibject has two User Principal : user1, user2. When I call getUserPrincipal in my webservice, I always get "user1". I need to get "user2".
Why mapNameInfo() always has the priority ? Is it the good way to implement this mechanism ?
Thanks for your help.Gyan:
How is that possible? If you import the VOImpl inside EOImpl, the import statement is ok. But how would you use that? There is no findViewObject method? The OADBTransaction class that I can use has only findObject method that one can use and I tried that but wasn't successful. Shouldn't you have to import OAApplicationModule and a host of other classes? Is that even possible?
I thought about the entity expert approach but I don't have a need to execute any query. I just need to refer to the view attribute from within the EOImpl. That's what I am looking for. If there is a way to refer to a view attribute from within the EOImpl without having to populate that attribute in a session/transaction variable that would be a better solution for me because there may be more attributes that I need from different VOs later on and everytime I need some VO attribute I don't have to create and populate a session/transaction variable.
Please let me know if it can be done. Can you please elaborate more on your proposal? I really appreciate your time and help. Thanks!
- Muzammil -
How Does The security-role Mapping Work?
I am studying the security part of the deployment descriptor. I am confused about
how the mapping works.
Suppose we have
<security-role>
<role-name>manager</role-name>
</security-role>
and
<security-role-ref>
<role-name>FOO</role-name>
<role-link>manager</role-link>
</security-role-ref>
My first question is when a client of the servlet supplies a name for authentication,
the name supplied should be FOO or can be, say, John Smith?
Then, according to the Servlet Specification, a security role is a logical grouping
of users defined by the Application Developer
or Assembler. When the application is deployed, roles are mapped by a Deployer
to principals or groups in the runtime environment.
My second question is how deployer maps the role, say, manager, to principals
or groups in the runtime environment?
Thanks in advance.
Thanks a lot, Udit.
"Udit Singh" <[email protected]> wrote:
>
>Hello,
>The role-name is mapped to principals or gruops based on the security-role-assignment
>entrires in weblogic.xml. Let us say you have a role-name FOO and you
>want to
>assing this role to users John and Mark. You need to make this entry
>in weblogic.xml-
><security_role_assignment>
> <role-name>FOO</role-name>
> <principal-name>John</principal-name>
> <principal-name>Mark</principal-name>
> </security_role_assignment>
>
>so now actually the user need to supply John or Mark as user name at
>the time
>of authentication . Hope it helps.
>
>Udit
>
>
>"[email protected]" entrance wrote:
>>
>>I am studying the security part of the deployment descriptor. I am confused
>>about
>>how the mapping works.
>>Suppose we have
>><security-role>
>><role-name>manager</role-name>
>></security-role>
>>
>>and
>>
>><security-role-ref>
>><role-name>FOO</role-name>
>><role-link>manager</role-link>
>></security-role-ref>
>>
>>My first question is when a client of the servlet supplies a name for
>>authentication,
>>the name supplied should be FOO or can be, say, John Smith?
>>
>>Then, according to the Servlet Specification, a security role is a logical
>>grouping
>>of users defined by the Application Developer
>>or Assembler. When the application is deployed, roles are mapped by
>a
>>Deployer
>>to principals or groups in the runtime environment.
>>
>>My second question is how deployer maps the role, say, manager, to principals
>>or groups in the runtime environment?
>>
>>Thanks in advance.
>>
>>
>>
>
-
Principal mapping across domains -help!
Hi, I am trying to find a way to authenticate users on a WL6 domain
and then have these users' principal object mapped across to a
different domain so that I do not have to re-authenticate them (i.e.
they are trustworthy). Does anyone know how this is done?
Thanks, Stephen.Have you tried making the system password the same under both domains?
See
http://edocs.bea.com/wls/docs70/secmanage/domain.html#1171534
Regards,
Jon
"Stephen" <[email protected]> wrote in message
news:[email protected]..
Hi, I am trying to find a way to authenticate users on a WL6 domain
and then have these users' principal object mapped across to a
different domain so that I do not have to re-authenticate them (i.e.
they are trustworthy). Does anyone know how this is done?
Thanks, Stephen. -
IS Mapping necessary after Reimporting the RFC
hi,
i have mapped rfc message to a target message, but now i reimported my rfc with same name and fields but with different lengths now do i need to remapp all the elememnts.
regards,
RajHI,
If you change the RFC field lengths etc.. then just refresh the Mapping and Interface Mapping by going with Edit mode and choose the RFC interface and activate it. To do the changes in sync
Also refresh the cache in the Integration Directory. If your error is during runtime the new changes are not reflected, then options are
1) Refresh the Adapter Metadata, Go to IntegratioN directory->Admin->Cache Overview and do all the cache refresh
2) CPACache Refresh
3) Restart the RFC adapter from J2EE engine.
Regards,
Moorthy -
Weblogic security realm mapping to DB
I have one question about Weblogic 7.01 security.
I have created USER, GROUP and ROLES table in my RDBMS.
Can I use the RDBMS realm if my users are in a database
table already? Can I tune Weblogic security realm to my database tables?
Any advice or links will be very appreciate.
Thanks a lot for any help, Volodymyr Shram.Thanks, criokeeper for your fast answer.
Woould you so kind to explain me one moment.
At http://e-docs.bea.com/wls/docs70/ConsoleHelp/domain_rdbmsrealm_config_general.html I found that "To use the RDBMS security realm, you need to use Compatibility security. The use of the RDBMS security realm is deprecated in WebLogic Server 7.0."
What does that means? Have I use the Compatibility security or it's jaust for ver. 6.x to ver.7.0 migration?
Thanks a lot for your answer.
Regards, Volodymyr. -
I am trying to test my security code for my RA. Can anyone shed some light
on how configure both weblogic-ra.xml <security-principal-map> and WLS
to cause different users to try and access the same factory? I'm looking
for
something quick if possible, don't need the complete security environment.
Thanks.
Eric
You can fix this in several ways, like enabling the services again. Easier is to recreate the policy, from the console obviously, and
check the Remote Desktop feature under
installed options. As you can see on the image: It’s turned off by default.
After this is done you can apply the policy to the Windows 2008 server(s) and you can connect to the server again! Yay!
I hope this was informative for you.
Maybe you are looking for
-
Would like to understand WHY changing the IP address seems to make a difference.
I have had significant difficulty getting my WRT54G v5 to pass to the internet multiple pcs connected by cable and/or wireless. Default settings seemed to work fine to log into the LAN, but only 1 connection would go to the internet. I called Links
-
I would greatly appreciate any help with this thank you!
-
How to optimize the performance of this code ?
I've two Movie clips on a flash project. One of them is fixed and the other can be moved by arrow buttons on the keyboard. The two Movie clips have irregular shapes, so HitTestObject and HitTestPoint doesn't work very well. I've a function that detec
-
What would cause my photo library of several thousand images to suddenly go blank and become an unrecognizable format? When I highlight a blank "place-saver", the information block says it is a JPEG Image. I have several other libraries which have no
-
I am trying to change my country from Australia to Canada however when I try to it says that I have an incomplete season pass however the season pass is actually complete. Can anyone help please? It's driving me bonkers!