ISE Guest Access- Redirect to URL after successful logon

Similar Messages

• Cisco ISE guest portal redirect not working after successful authentiation and URL redirect.

  Hi to all,
  I am having difficulties with an ISE deployment which I am scratching my head over and can't fathom out why this isn't working.
  I have an ISE 3315 doing a captive webportal for my guest users who are on an SSID.  The users are successfully redirected by the WLC to the following URL:https://x.x.x.x:8443/guestportal/Login.action?portalname=XXX_Guest_Portal
  Now when the user passes through the user authentication splash screen they get redirected to https://x.x.x.x:8443/guestportal/guest/redir.html and recieve the following error:
  Error: Resource not found.
  Resource: /guestportal/
  Does anyone have any ideas why the portal is doing this?
  Thanks
  Paul

  Hello,
  As you are not able to  get the guest portal, then you need to assure the following things:-
  1) Ensure that the  two  Cisco av-pairs that are configured on the  authorization profile should  exactly match the example below. (Note: Do  not replace the "IP" with the  actual Cisco ISE IP address.)
  –url-redirect=https://ip:8443/guestportal/gateway?...lue&action=cpp
  –url-redirect-acl=ACL-WEBAUTH-REDIRECT (ensure that this ACL is also  defined on the access switch)
  2) Ensure that the URL redirection portion of the ACL have been  applied  to the session by entering the show epm session ip   command on the switch. (Where the session IP is the IP address  that is  passed to the client machine by the DHCP server.)
  Admission feature : DOT1X
  AAA Policies : #ACSACL#-IP-Limitedaccess-4cb2976e
  URL Redirect ACL : ACL-WEBAUTH-REDIRECT
  URL Redirect :
  https://node250.cisco.com:8443/guestportal/gateway?sessionId=0A000A72
  0000A45A2444BFC2&action=cpp
  3) Ensure that the preposture assessment DACL that is enforced from  the  Cisco ISE authorization profile contains the following command  lines:
  remark Allow DHCP
  permit udp any eq bootpc any eq bootps
  remark Allow DNS
  permit udp any any eq domain
  remark ping
  permit icmp any any
  permit tcp any host 80.0.80.2 eq 443 --> This is for URL redirect
  permit tcp any host 80.0.80.2 eq www --> Provides access to internet
  permit tcp any host 80.0.80.2 eq 8443 --> This is for guest portal
  port
  permit tcp any host 80.0.80.2 eq 8905 --> This is for posture
  communication between NAC agent and ISE (Swiss ports)
  permit udp any host 80.0.80.2 eq 8905 --> This is for posture
  communication between NAC agent and ISE (Swiss ports)
  permit udp any host 80.0.80.2 eq 8906 --> This is for posture
  communication between NAC agent and ISE (Swiss ports)
  deny ip any any
  Note:- Ensure that the above URL Redirect has the proper Cisco ISE FQDN.
  4) Ensure that the ACL with the name "ACL-WEBAUTH_REDIRECT" exists on  the switch as follows:
  ip access-list extended ACL-WEBAUTH-REDIRECT
  deny ip any host 80.0.80.2
  permit ip any any
  5) Ensure that the http and https servers are running on the switch:
  ip http server
  ip http secure-server
  6) Ensure that, if the client machine employs any kind of personal  firewall, it is disabled.
  7) Ensure that the client machine browser is not configured to use any  proxies.
  8) Verify connectivity between the client machine and the Cisco ISE IP  address.
  9) If Cisco ISE is deployed in a distributed environment, make sure  that  the client machines are aware of the Policy Service ISE node FQDN.
  10) Ensure that the Cisco ISE FQDN is resolved and reachable from the  client machine.
  11) Or you need to do re-image again.

• Redirect to custom url after successful authentication by OAM

  Hello,
  I need to redirect the user to some custom url instead of original requested url after successful authentication in OAM 11.1.2 (11g release2).
  The requirement in my case is depending upon the user type and the region(one of the user's ldap attributes) it belongs to, it should be redirected to one of the 2 available applications.
  I have tried implementing the same using custom authentication plugin in which I have used RedirectionActionContext class.
  I have also tried setting plugin response as REDIRECT and specifying the custom page url.
  I have also tried changing the "resource_url" parameter in authentication context.
  However, none of above approaches are working.
  Can anybody help me?
  Thanks,
  Purva

  Hello,
  I have exactly the same requirement. Have you solved the problem?
  Thanks,
  Purva

• WLC and ISE guest access COA

  We are migrating to ISE for guest access and are having problems with the COA being delivered after a successful authentication.  ISE attempts to send it but nothing changes on the WLC.  The message in ISE is Dynamic Authorization failed and a message that ISE didn't receive a response from the NAD, verify communication.  What is odd is the original guest request comes in from the IP address of the service port on the WLC but anything doing with the COA is seen from the management.  I have both IP's defined for the device in ISE.  I am about to do a session reauthentication within ISE and the WLC applies the changes.  I have verified that RFC 3576 is enabled, but the show radius rfc3576 stats shows no values.  The WLC is running 7.6.130.  I have attempted to debug on the WLC side to see if the message is even being delivered but non the debugs i have attempted seem to offer any good information.
  Anyone have any suggestions?  
  Thanks,
  Joe

  Hi Joe,
  I dont really know what you are trying to do with the COA , as it is used in the CWA solution and BYOD solution as well. But even before trying that , I would advise you to go step by step and solve the n/w issue first. You are able to see the request from service port which should not happen because then the incoming/outgoing traffic takes different path. You must be facing this situation as you might have some network routes matching ISE subnet/Ip address in the GUI>Controller>Network routes as there is no need of those routes. If the service port needs to be used during controller down scenario then use a laptop in the same subnet of Service port ip and connect to the service port.
  Regards
  Dhiresh
  **Please rate helpful posts**

• ISE - Guest Access (without portal)

  Hi Guys,
  I have a customer who current is using the cwa portal for guest access. Corporate use will be added in the future sometime next year.
  Kit involved:
  5508 - Internal (Inside Net)
  5508 - Anchor (DMZ Net)
  ISE - Inside Net
  3600 APs
  Presently, guest user connects, anchored to DMZ 5508, issued IP address from server in DMZ and DNS redirect to the web portal from same server. guest logs in and internet access through ASA and then content filtering box.
  They want a solution whereby they do not have to use the portal for corporate user with their own devices such as ipads. I know BYOD is a possiblity but would involve using a CA server on the inside of the network. This is not something I'm keen as it opens a channel from the guest network directly to their AD infrastructure.
  I'm leaning toward PEAP authentication atm using a GoDaddy SSL cert that is already installed. This would bypass the portal system and only involve client devices being configured once.
  Is there any other option that would be simple to setup as this is on a limited timescale ?
  Cheers,
  Nick

  Nick,
  They want a solution whereby they do not have to use the portal for  corporate user with their own devices such as ipads. I know BYOD is a  possiblity but would involve using a CA server on the inside of the  network. This is not something I'm keen as it opens a channel from the  guest network directly to their AD infrastructure.
  If you are referring to supplicant provisioning, the scep enrollment request is proxied from ISE and the private key and cert is transferred to the endpoint. This doesnt require your guest network having direct access to AD....just to ISE.
  Tarik Admani
  *Please rate helpful posts*

• ISE guest access - can't match on Optional Data fields

  Hi all
  I need to have 2 different types of guest users that will get different level of access with DACL / Airspace ACL
  I thought that best way to do that is simply matching one of optional data fields you can setup in Sponsor Portal
  Unfortunately as soon as I reference Optional Data field in Authorization rule I get no match. Can't also match on username which would not help anyway.
  getting redirected, login, getting redirected again etc.......
  This is affecting both wireless and wired.
  As soon as I remove that additonal condition from authz rule guest access works fine - getting redirected, log in, surf the internet.
  Is this is bug with ISE that you can't match guest optional data fields?

  Hi evnafets,
  You were right. How silly I am didnt see that small thing- but STILL PROBLEM IS UNSOLVED.
  [ore]
  java.sql.SQLException: [Microsoft][ODBC Microsoft
  Access Driver] Missing ), ], o
  r Item in query expression 'Post_Date LIKE
  to_date('04-06-2005',' dd/MM/yyyy''.
  Like it says, you have a missing ")" character
  rs=stmt.executeQuery("SELECT Name FROM
  NoticeBoardTable WHERE Post_Date LIKE to_date('"+
  date_str+"', 'dd/MM/yyyy' <--HERE NEED A CLOSING
  BRACKET ");
  When I did this it said to_date function is not available that because Ms-access doesn't have this function. Then I just changed the query to:-
  rs=stmt.executeQuery("SELECT Name FROM NoticeBoardTable WHERE Post_Date LIKE "+ date_sql ); . Although it didnt generate any exception, but dont show any record.
  But even better would be to use a prepared
  statement.
  String sql = "SELECT Name FROM NoticeBoardTable
  WHERE Post_Date LIKE  ?";
  PreparedStatement stmt = con.prepareStatement(sql);
  stmt.setDate(1, date_sql);
  ResultSet rs = stmt.executeQuery();
  I had prepared statement in my final servlet, I made this one just to check why its not working on dates. Also on your advice I changed it to prepared statement. It runs fine but didn't show any record with date 04-06-2005 although I have it in my database (not generating any exception).
  I print the sql date throuht servlet just to check , its showing 2005-06-04. May be its formate problem.
  Thanks
  Regards

• Guest Access Redirect accepting AD credentials

  I have a 2106 controller with a guest access SSID on a isolated vlan 192. The guest SSID is setup for webauth and redirects all traffic to the isolated vlan 192. There is a RADIUS server handling AD authentications on the native management vlan. The dhcp scope on the guest access (192) vlan resides on a watchguard firewall. When I connect to the guest SSID with a WLC resident account and password I am allowed internet access fine. When I use a AD account and password from the rest of the network I am also allowed on fine. Anyone seen this before? I should not be able to even to see the AD server from the isolated VLAN much less have the controller see it as a valid login. I get an IP address from the isolated vlan and I can not ping my protected (all other vlans) network. The problem is I can not monitor content easily or filter where my AD users are going if they connect to the guest SSID. Code is older version 4.0.217.0 and I will upgrade unit to 4.1.185 this week but I suspect the problem will still exist.

  I am posting this as I have found my problem. This is bug number CSCsh35098. In this bug the if the Web account for the local user fails then the authentication request will be forwarded to a RADIUS server if one is configured on the controller. It over rides the WLAN setting to not have a RADIUS authentication. The work around is to change the RADIUS authentication from PAP to CHAP or MD5-CHAP as this will not allow the RADIUS to authenticate.

• ISE 1.2 redirect to origin URL after successful login

  Hi, is there a possibility to redirect guests to the URL they tiped in, before they had to authenticate? We're running ISE 1.2., the webserver is running on it and after login the user has to retype the URL he wants to visit.. it would be great if the user would be automatically redirected..
  Thanks!
  KR

  ISE is set up to do this with the latest patch (Patch 5).  Now we are just waiting on new code for the rest of the NADs to implement this.
  Actually, support was added to 1.2 P5, but it is up to access devices to add the support for forwarding the URL in redirect request to ISE.  I believe WLC will be first to do so in 8.0 timeframe.

• ISE Guest Portal redirection not working

  I have built a lab at home. I have a Win2008 Server for AD/DNS, ISE 1.2 (VM trial), a 3560-cg switch, 2500 WLC and 2602i AP. I have configured everything as per the documentations online. My issue is that when I connect to the open SSID, it gets connected and has the dns server populated as well, but the redirection never takes place. I can search for google or cnn.com but it just stays at looking up host or something. However, if i take the redirect URL from the WLC and then do it on the browser, it does go to the guest portal. Let me know what issues I can see and if there is any other information I can provide.

  Issue resolved.
  Since my lab environment didnt have access to the internet and hence dns servers 8.8.8.8 would not resolve any public ips. But when an address is resolvable by a dns then it redirects nicely. For test I created a dns entry on the dns server itself and tested it.
  Sent from Cisco Technical Support Android App

• ISE-Guest Portal Redirection

  Dears
  i have configured everything right for the Gusset login and everything is going the way i want except one thing that the switch doesn’t force the quest to web directed to the ISE login paged however the ouput of the below command looks perfect and when i copy the url manually it works .. so how can i make it automatically ?
  ISE-SWITCH#sh authen se int f0/12 
              Interface:  FastEthernet0/12
            MAC Address:  c80a.a96a.47b1
             IP Address:  Unknown
              User-Name:  C8-0A-A9-6A-47-B1
                 Status:  Authz Success
                 Domain:  DATA
        Security Policy:  Should Secure
        Security Status:  Unsecure
         Oper host mode:  multi-auth
       Oper control dir:  both
          Authorized By:  Authentication Server
             Vlan Group:  N/A
                ACS ACL:  xACSACLx-IP-CENTRAL_WEB_AUTH-50683952
       URL Redirect ACL:  ACL-WEBAUTH-REDIRECT
           URL Redirect:  https://EG1SHQ06.HEIWAY.NET:8443/guestportal/gateway?sessionId=0A8B080600000005001ECF63&action=cwa
        Session timeout:  N/A
           Idle timeout:  N/A
      Common Session ID:  0A8B080600000005001ECF63
        Acct Session ID:  0x00000007
                 Handle:  0xD9000005
  Runnable methods list:
         Method   State
         mab      Authc Success
         dot1x    Not run
  ISE-SWITCH#sh ip access-l
  Extended IP access list ACL-WEBAUTH-REDIRECT
      10 deny ip any host 10.139.8.216
      11 permit tcp any any eq www
      12 permit tcp any any eq 443
  Extended IP access list Auth-Default-ACL-OPEN
      10 permit ip any any (314 matches)
  Extended IP access list xACSACLx-IP-CENTRAL_WEB_AUTH-50683952 (per-user)
      10 permit udp any any eq domain
      20 permit icmp any any
      30 permit tcp any any eq www
      40 permit tcp any any eq 443
      50 permit tcp any host 10.139.8.216 eq 8443

  i did this changes and even upgraded the switch IOS to 12.2(58)SE2 but no luck ,
  any other idea?
  ISE-SWITCH#sh ip access-l               
  Extended IP access list ACL-DEFAULT
      10 permit udp any eq bootpc any eq bootps
      20 permit udp any any eq domain
      30 permit icmp any any
      40 permit udp any any eq tftp
      50 permit tcp any host 10.139.8.216 eq www
      60 permit tcp any host 10.139.8.216 eq 443
      70 permit tcp any host 10.139.8.216 eq 8443
      80 permit tcp any host 10.139.8.216 eq 8905
      90 permit udp any host 10.139.8.216 eq 8905
      100 permit udp any host 10.139.8.216 eq 8906
      110 permit tcp any host 10.139.8.216 eq 8080
      120 permit udp any host 10.139.8.216 eq 9996
      130 deny ip any any log
  Extended IP access list ACL-POSTURE-REDIRECT
      10 deny udp any any eq domain
      20 deny udp any host 10.139.8.216 eq 8905
      30 deny udp any host 10.139.8.216 eq 8906
      40 deny tcp any host 10.139.8.216 eq 8443
      50 deny tcp any host 10.139.8.216 eq 8905
      60 deny tcp any host 10.1.252.21 eq www
      70 permit ip any any
  Extended IP access list ACL-WEBAUTH-REDIRECT
      10 deny ip any host 10.139.8.216
      20 permit tcp any any eq www
      30 permit tcp any any eq 443
  Extended IP access list Auth-Default-ACL-OPEN
      10 permit udp any eq bootpc any eq bootps
      20 permit udp any any eq domain
      30 permit icmp any any
      40 permit udp any any eq tftp
      50 permit tcp any host 10.139.8.216 eq www
      60 permit tcp any host 10.139.8.216 eq 443
      70 permit tcp any host 10.139.8.216 eq 8443
      80 permit tcp any host 10.139.8.216 eq 8905
      90 permit udp any host 10.139.8.216 eq 8905
      100 permit udp any host 10.139.8.216 eq 8906
      110 permit tcp any host 10.139.8.216 eq 8080
      120 permit udp any host 10.139.8.216 eq 9996
      130 deny ip any any
  Extended IP access list xACSACLx-IP-CENTRAL_WEB_AUTH-50683952 (per-user)
      10 permit udp any any eq domain
      20 permit icmp any any
      30 permit tcp any any eq www
      40 permit tcp any any eq 443
      50 permit tcp any host 10.139.8.216 eq 8443

• Cisco ISE - Guest Access With Google Chrome

  We've implemented the self provisioning guest portal/Guest SSID and it seems to work great for internet explorer, if a user uses Google Chrome to go through the setup the password is generated, they login and accept the terms and conditions, but then they get hung up on the WLC URL and then have to start self provisioning again.
  Any ideas?

  Please check the below browser requirements :
  Supported Operating Systems and Browsers for Sponsor, Guest, and My Devices Portals
  These Cisco ISE portals support the following operating system and  browser combinations. These portals require that you have cookies  enabled in your web browser.
  Table 8     Supported Operating Systems and Browsers
  Supported Operating System Browser Versions
  Google Android 1 4.0.4, 4.0.3, 4.0, 3.2.1, 3.2, 2.3.6, 2.3.3, 2.2.1, 2.2
  •Native browser
  Apple iOS 6, 5.1, 5.0.1, 5.0
  •Safari 5, 6
  Apple Mac OS X 10.5, 10.6, 10.7, 10.8
  •Mozilla Firefox 3.6, 4, 5, 9
  •Safari 4, 5, 6
  •Google Chrome 11
  Microsoft Windows 82
  •Microsoft IE 10
  Microsoft Windows 73
  •Microsoft IE 9
  •Mozilla Firefox 3.6, 5, 9
  •Google Chrome 11
  Microsoft Windows Vista, Microsoft Windows XP
  •Microsoft IE 6, 7, 8
  •Mozilla Firefox 3.6, 9
  •Google Chrome 5
  Red Hat Enterprise Linux (RHEL) 5
  •Mozilla Firefox 3.6, 4, 5, 9
  •Google Chrome 11
  Ubuntu
  •Mozilla Firefox 3.6, 9

• Cannot access Grid Control URL after installation

  I have installed Oracle Grid Control 11.1.0.1.0 for Linux x86-64 (64-bit). I can't access below URL
  1. Enterprise Manager Grid Control URL: https://ccoshs02xvoem01.ccosvc.com:7799/em
  2. Admin Server URL: https://ccoshs02xvoem01.ccosvc.com:7101/console
  [oracle@ccoshs02xvoem01 oracle]$ $OMS_HOME/bin/emctl start oms
  Oracle Enterprise Manager 11g Release 1 Grid Control
  Copyright (c) 1996, 2010 Oracle Corporation. All rights reserved.
  Starting WebTier...
  WebTier Successfully Started
  Starting Oracle Management Server...
  Oracle Management Server Already Started
  Oracle Management Server is Up
  [root@ccoshs02xvoem01 ~]# netstat -anp | grep 799
  tcp 0 0 :::7799 :::* LISTEN 26461/httpd.worker
  [root@ccoshs02xvoem01 ~]# netstat -anp | grep 7101
  tcp 0 0 ::ffff:172.30.1.31:7101 :::* LISTEN 18452/java
  tcp 0 0 ::ffff:172.30.1.31:7101 ::ffff:172.30.1.31:53507 ESTABLISHED 18452/java
  tcp 0 0 ::ffff:172.30.1.31:7101 ::ffff:172.30.1.31:54364 ESTABLISHED 18452/java
  tcp 0 0 ::ffff:172.30.1.31:54364 ::ffff:172.30.1.31:7101 ESTABLISHED 22561/emagent
  tcp 0 0 ::ffff:172.30.1.31:53507 ::ffff:172.30.1.31:7101 ESTABLISHED 20994/java
  tcp 0 0 ::ffff:172.30.1.31:53496 ::ffff:172.30.1.31:7101 ESTABLISHED 20994/java
  tcp 0 0 ::ffff:172.30.1.31:53487 ::ffff:172.30.1.31:7101 ESTABLISHED 20994/java
  tcp 0 0 ::ffff:172.30.1.31:7101 ::ffff:172.30.1.31:53496 ESTABLISHED 18452/java
  tcp 0 0 ::ffff:172.30.1.31:7101 ::ffff:172.30.1.31:53487 ESTABLISHED 18452/java
  Please can I know what needs to be done to access Grid Control.

  weblogic.management.ManagementException: Unable to obtain lock on /u01/app/oracle/Middleware/oms11g/user_projects/domains/GCDomain/servers/EMGC_ADMINSERVER/tmp/EMGC_ADMINSERVER.lok. Server may already be running
  at weblogic.management.internal.ServerLocks.getServerLock(ServerLocks.java:159)
  at weblogic.management.internal.ServerLocks.getServerLock(ServerLocks.java:58)
  at weblogic.management.internal.DomainDirectoryService.start(DomainDirectoryService.java:73)
  at weblogic.t3.srvr.ServerServicesManager.startService(ServerServicesManager.java:461)
  at weblogic.t3.srvr.ServerServicesManager.startInStandbyState(ServerServicesManager.java:166)
  at weblogic.t3.srvr.T3Srvr.initializeStandby(T3Srvr.java:749)
  at weblogic.t3.srvr.T3Srvr.startup(T3Srvr.java:488)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:446)
  at weblogic.Server.main(Server.java:67)
  >
  <Feb 1, 2011 2:49:22 PM GMT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
  <Feb 1, 2011 2:49:22 PM GMT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
  <Feb 1, 2011 2:49:22 PM GMT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
  Do I need to reboot the server.
  I have restart OMS

• Redirect to url after flash video completes

  I've embedded a .flv file using Insert/media/flash video in
  DW 8.02. Is there some way I can get it to redirect to a specific
  url once the movie completes?
  The only options currently seem to be stop/rewind.
  Thanks,
  Rashid.

  RashidK wrote:
  > I've embedded a .flv file using Insert/media/flash video
  in DW 8.02. Is there
  > some way I can get it to redirect to a specific url once
  the movie completes?
  >
  > The only options currently seem to be stop/rewind.
  >
  > Thanks,
  >
  > Rashid.
  >
  you have to set this up in the flash file (in ActionScript).
  when it reaches the end:
  getURL("redirectpage.html");
  seb ( [email protected])
  http://webtrans1.com | high-end web
  design
  Downloads: Slide Show, Directory Browser, Mailing List

• HTTP/1.1: 10.4.5 404 Not Found Error while accessing the odsm url

  Hi experts,
  I 've installed OID 11.1.1.6 on weblogic server 10.6.. on Oracle linux 6.0
  The Installation went fine And I am able to lauch the odsm default url http:\\localhost:7005/odsm  and  even chnaged the cn=orcladmin User password.
  Also created few user and Groups using odsm,
  However when i tried to access the odsm url after restarting the Admin & managed server . I am unable to access the  odsm url. for that i tired to deploy the odsm.ear on Admin server but it failed  getting the following error.
  in the Adminserver.log file
  2013 8:33:59 AM IST> <Error> <Console> <idm.oracle.com> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1371956639366> <BEA-240003> <Console encountered the following error weblogic.management.DeploymentException: [J2EE:160149]Error while processing library references. Unresolved application library references, defined in weblogic-application.xml: [Extension-Name: adf.oracle.domain, exact-match: false].
          at weblogic.application.internal.flow.CheckLibraryReferenceFlow.prepare(CheckLibraryReferenceFlow.java:26)
          at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
          at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
          at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
          at weblogic.application.internal.EarDeployment.prepare(EarDeployment.java:59)
          at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
          at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
          at weblogic.deploy.internal.targetserver.operations.ActivateOperation.createAndPrepareContainer(ActivateOperation.java:208)
          at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doPrepare(ActivateOperation.java:98)
          at weblogic.deploy.internal.targetserver.operations.AbstractOperation.prepare(AbstractOperati
  <Warning> <Deployer> <idm.oracle.com> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1371956639265> <BEA-149004> <Failures were detected while initiating deploy task for application 'odsm [Version=11.1.1.2.0]'.>
  ####<Jun 23, 2013 8:33:59 AM IST> <Warning> <Deployer> <idm.oracle.com> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1371956639268> <BEA-149078> <Stack trace for message 149004
  And in wls_ods1.log file got the following error
  <BEA-149265> <Failure occurred in the execution of deployment request with ID '1371955199392' for task '0'. Error is: 'weblogic.management.DeploymentException: [J2EE:160149]Error while processing library references. Unresolved application library references, defined in weblogic-application.xml: [Extension-Name: adf.oracle.domain, exact-match: false].'
  weblogic.management.DeploymentException: [J2EE:160149]Error while processing library references. Unresolved application library references, defined in weblogic-application.xml: [Extension-Name: adf.oracle.domain, exact-match: false].
          at weblogic.application.internal.flow.CheckLibraryReferenceFlow.prepare(CheckLibraryReferenceFlow.java:26)
          at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
          at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
          at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
      Than i tired to deploy the odsm.ear on managed server i.e wls_ods1 and later on both but got the same error.
     Also  There is no issue with the oidsrv or oidladpd proccess as with the start/stop of oid*  related proccesses using opmnctl
     Please see the following.
  e@idm stage]$ oidctl connect=OIDDB status -diag
  oidctl : INSTANCE_NAME   is not set, defaulting to inst1
  oidctl : COMPONENT_NAME  is not set, defaulting to oid1
  NLS_LANG not set in environment
  Setting NLS_LANG to AMERICAN_AMERICA.AL32UTF8
    +--------------------------------------------------------------------------+
    | Process      |  PID   |   InstName    |  CompName   |Inst#| Port | Sport |
    +--------------------------------------------------------------------------+
    | oidmon       |  25968 |      asinst_1 |        oid3 |    0|      |       |
    +--------------------------------------------------------------------------+
    | oidldapd disp|  26010 |      asinst_1 |        oid3 |    1| 3060 |  3131 |
    | oidldapd serv|  26021 |      asinst_1 |        oid3 |    1| 3060 |  3131 |
    | Config   DN  | cn=oid3,cn=osdldapd,cn=subconfigsubentry                  |
    +--------------------------------------------------------------------------+
    +--------------------------------------------------------------------------+
    |Printing LDAP Operation in progress status ...                          |
    +--------------------------------------------------------------------------+
      OIDLDAPD_PID: 26021 WorkerID: 9 DBSID: 263 DBPID: 26075 ==> IDLE
    +--------------------------------------------------------------------------+
      OIDLDAPD_PID: 26021 WorkerID: 11 DBSID: 527 DBPID: 26078 ==> IDLE
    +--------------------------------------------------------------------------+
      OIDLDAPD_PID: 26021 WorkerID: 8 DBSID: 8 DBPID: 26080 ==> IDLE
    +--------------------------------------------------------------------------+
      OIDLDAPD_PID: 26021 WorkerID: 13 DBSID: 133 DBPID: 26108 ==> IDLE
    +--------------------------------------------------------------------------+
      OIDLDAPD_PID: 26021 WorkerID: 10 DBSID: 526 DBPID: 26056 ==> IDLE
    +--------------------------------------------------------------------------+
      OIDLDAPD_PID: 26021 WorkerID: 12 DBSID: 650 DBPID: 26058 ==> IDLE
    +--------------------------------------------------------------------------+
            Cache Max Size                     : 209716224
            Max Entries configured             : 100000
            Max Entries cached                 : 0
            Num Entries in Cache               : 0
            Num Entries in GC                  : 0
            Page size                          : 102392
            Entry cache Hit count              : 0
            Entry cache Mis count              : 0
            Hash Area bytes used               : 13031472
            Hash Area blocks used              : 138
            ResultSet cache bytes used         : 0
            Resultset cache blocks used        : 0
            Entry cache bytes used             : 0
  Cache memory used          
  : 13031472
  [oracle@idm stage]$ opmnctl status -l
  Processes in Instance: asinst_1
  ---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
  ias-component            
  | process-type
  |
  pid | status   |
  uid |  memused |
  uptime | ports
  ---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
  ohs1                     
  | OHS        
  |   25970 | Alive
  |
  1803561142 |  2127440 |  38:11:26 | https:9999,https:4443,http:7777
  oid3                     
  | oidldapd   
  |   26021 | Alive
  |
  1803561144 |  1425784 |  38:11:26 | N/A
  oid3                     
  | oidldapd   
  |   26010 | Alive
  |
  1803561143 |   435572 |  38:11:26 | N/A
  oid3                     
  | oidmon     
  |   25968 | Alive
  |
  1803561141 |   888088 |  38:11:26 | LDAPS:3131,LDAP:3060
  EMAGENT                  
  | EMAGENT    
  |   25967 | Alive
  |
  1803561140 |   106100 |  38:11:26 | N/A
  $ netstat -an |grep 3060
  tcp
  0
  0 :::3060             
  LISTEN
  [oracle@idm stage]$ ps -ef |grep 3060
  oracle
  7368  2130  0 05:53 pts/0
  00:00:00 grep 3060
  oracle   26021
  1  9 Jun24 ?
  03:33:54 oidldapd
  control=26010 connect=oiddb debug=0 configset=0 instance=1 key=26748
  host=idm.oracle.com logchange=TRUE port=3060 sport=3131
  [oracle@idm stage]$ tnsping OIDDB
  TNS Ping Utility for Linux: Version 11.1.0.7.0 - Production on 26-JUN-2013
  05:53:20
  Copyright (c) 1997, 2008, Oracle.  All rights reserved.
  Used parameter files:
  /idm/Middleware/Oracle_IDM2/network/admin/sqlnet.ora
  Used TNSNAMES adapter to resolve the alias
  Attempting to contact
  (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=idm.oracle.com)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=idmoid.oracle.com)))
  OK (0 msec)
    Also I am able to access oracle HTTP server web page i.e
  http://idm.oracle.com:7777/
  Could anyone suggest as why after restarting the server am not able to access the odsm url and getting error in deploying the odsm.ear file.
  Also after struggling with this error for 3 days i tried to Reinstall the oid after completely uninstalling it. But as soon as i restarted the  server  The odsm url become inaccessible
  and getting the same Old error.
     Also one Important things that i observed that before restarting the Admin & managed server when the odsm url was accessible when i do grep the port 3060 i.e
  root@idm config]# netstat -an |grep 3060
  tcp        0      0 :::3060                     :::*
  LISTEN
  tcp        0      0 ::ffff:192.168.122.13:3060  ::ffff:192.168.122.13:24645
  ESTABLISHED
  tcp        0      0 ::ffff:192.168.122.13:24645 ::ffff:192.168.122.13:3060
  ESTABLISHED
  tcp        0      0 ::ffff:192.168.122.13:3060  ::ffff:192.168.122.13:58065
  ESTABLISHED
  tcp        0      0 ::ffff:192.168.122.13:58065 ::ffff:192.168.122.13:3060
  ESTABLISHED
    After the restart of server i got this  output of 3060 port
  $ netstat -an |grep 3060
  tcp   
  0 
  0 :::3060                
  LISTEN
  I could not understand why this truncated output of 3060 port even though  all opmn manged proccess working fine as it's obvious from the out put from
  $ oidctl connect=OIDDB status -diag And $ opmnctl status -l commands output which i 've posted above.
  and am able start/stop oid related proccess from opmnct command
  Please Help.  as am really struggling to work around the issue.
  Thanks & Regards
  Priya

  If what that guys said about it being :7001/em doesn't work, When you configured your domain did you check the box that says Oracle Enterprise Manager. We had the same thing happen to us one time and it's because we didn't install it you have to check that box for it to be installed.

• ISE no redirect to origin URL after guest login

  Hi, is there a possibility to redirect a guest user to the origin URL after he logged in successfully?
  Right now the attached file is what the user sees after login.
  Thanks!

  The first method is local web authentication. In this case, the WLC  redirects the HTTP traffic to an internal or external server where the  user is prompted to authenticate. The WLC then fetches the credentials  (sent back via an HTTP GET request in the case of an external server)  and makes a RADIUS authentication. In the case of a guest user, an  external server (such as Identity Services Engine (ISE) or NAC Guest  Server (NGS)) is required because the portal provides features such as  device registering and self-provisioning. The flow includes these steps:
  The user associates to the web authentication Service Set Identifier (SSID).
  The user opens the browser.
  The WLC redirects to the guest portal (such as ISE or NGS) as soon as a URL is entered.
  The user authenticates on the portal.
  The guest portal redirects back to the WLC with the credentials entered.
  The WLC authenticates the guest user via RADIUS.
  The WLC redirects back to the original URL.
  This  flow includes several redirections. The new approach is to use central  web authentication. This method works with ISE (versions later than 1.1)  and WLC (versions later than 7.2). The flow includes these steps:
  The user associates to the web authentication SSID, which is in fact open+macfiltering and no layer 3 security.
  The user opens the browser.
  The WLC redirects to the guest portal.
  The user authenticates on the portal.
  The  ISE sends a RADIUS Change of Authorization (CoA - UDP Port 1700) to  indicate to the controller that the user is valid, and eventually pushes  RADIUS attributes such as the Access Control List (ACL).
  The user is prompted to retry the original URL.