ISE Guest Access- Redirect to URL after successful logon
Currently, when guest users attempt to browse they get redirected to the guest portal. After login, they get a message that they can now access the original URL. Is there a way to automatically redirect to the URL they were trying to access, or remember the URL after they login?
ISE guest flow :
The user associates to the web authentication Service Set Identifier (SSID).
The user opens the browser.
The WLC redirects to the guest portal (such as ISE or NGS) as soon as a URL is entered.
The user authenticates on the portal.
The guest portal redirects back to the WLC with the credentials entered.
The WLC authenticates the guest user via RADIUS.
The WLC redirects back to the original URL
Similar Messages
-
Cisco ISE guest portal redirect not working after successful authentiation and URL redirect.
Hi to all,
I am having difficulties with an ISE deployment which I am scratching my head over and can't fathom out why this isn't working.
I have an ISE 3315 doing a captive webportal for my guest users who are on an SSID. The users are successfully redirected by the WLC to the following URL:https://x.x.x.x:8443/guestportal/Login.action?portalname=XXX_Guest_Portal
Now when the user passes through the user authentication splash screen they get redirected to https://x.x.x.x:8443/guestportal/guest/redir.html and recieve the following error:
Error: Resource not found.
Resource: /guestportal/
Does anyone have any ideas why the portal is doing this?
Thanks
PaulHello,
As you are not able to get the guest portal, then you need to assure the following things:-
1) Ensure that the two Cisco av-pairs that are configured on the authorization profile should exactly match the example below. (Note: Do not replace the "IP" with the actual Cisco ISE IP address.)
–url-redirect=https://ip:8443/guestportal/gateway?...lue&action=cpp
–url-redirect-acl=ACL-WEBAUTH-REDIRECT (ensure that this ACL is also defined on the access switch)
2) Ensure that the URL redirection portion of the ACL have been applied to the session by entering the show epm session ip command on the switch. (Where the session IP is the IP address that is passed to the client machine by the DHCP server.)
Admission feature : DOT1X
AAA Policies : #ACSACL#-IP-Limitedaccess-4cb2976e
URL Redirect ACL : ACL-WEBAUTH-REDIRECT
URL Redirect :
https://node250.cisco.com:8443/guestportal/gateway?sessionId=0A000A72
0000A45A2444BFC2&action=cpp
3) Ensure that the preposture assessment DACL that is enforced from the Cisco ISE authorization profile contains the following command lines:
remark Allow DHCP
permit udp any eq bootpc any eq bootps
remark Allow DNS
permit udp any any eq domain
remark ping
permit icmp any any
permit tcp any host 80.0.80.2 eq 443 --> This is for URL redirect
permit tcp any host 80.0.80.2 eq www --> Provides access to internet
permit tcp any host 80.0.80.2 eq 8443 --> This is for guest portal
port
permit tcp any host 80.0.80.2 eq 8905 --> This is for posture
communication between NAC agent and ISE (Swiss ports)
permit udp any host 80.0.80.2 eq 8905 --> This is for posture
communication between NAC agent and ISE (Swiss ports)
permit udp any host 80.0.80.2 eq 8906 --> This is for posture
communication between NAC agent and ISE (Swiss ports)
deny ip any any
Note:- Ensure that the above URL Redirect has the proper Cisco ISE FQDN.
4) Ensure that the ACL with the name "ACL-WEBAUTH_REDIRECT" exists on the switch as follows:
ip access-list extended ACL-WEBAUTH-REDIRECT
deny ip any host 80.0.80.2
permit ip any any
5) Ensure that the http and https servers are running on the switch:
ip http server
ip http secure-server
6) Ensure that, if the client machine employs any kind of personal firewall, it is disabled.
7) Ensure that the client machine browser is not configured to use any proxies.
8) Verify connectivity between the client machine and the Cisco ISE IP address.
9) If Cisco ISE is deployed in a distributed environment, make sure that the client machines are aware of the Policy Service ISE node FQDN.
10) Ensure that the Cisco ISE FQDN is resolved and reachable from the client machine.
11) Or you need to do re-image again. -
Redirect to custom url after successful authentication by OAM
Hello,
I need to redirect the user to some custom url instead of original requested url after successful authentication in OAM 11.1.2 (11g release2).
The requirement in my case is depending upon the user type and the region(one of the user's ldap attributes) it belongs to, it should be redirected to one of the 2 available applications.
I have tried implementing the same using custom authentication plugin in which I have used RedirectionActionContext class.
I have also tried setting plugin response as REDIRECT and specifying the custom page url.
I have also tried changing the "resource_url" parameter in authentication context.
However, none of above approaches are working.
Can anybody help me?
Thanks,
PurvaHello,
I have exactly the same requirement. Have you solved the problem?
Thanks,
Purva -
We are migrating to ISE for guest access and are having problems with the COA being delivered after a successful authentication. ISE attempts to send it but nothing changes on the WLC. The message in ISE is Dynamic Authorization failed and a message that ISE didn't receive a response from the NAD, verify communication. What is odd is the original guest request comes in from the IP address of the service port on the WLC but anything doing with the COA is seen from the management. I have both IP's defined for the device in ISE. I am about to do a session reauthentication within ISE and the WLC applies the changes. I have verified that RFC 3576 is enabled, but the show radius rfc3576 stats shows no values. The WLC is running 7.6.130. I have attempted to debug on the WLC side to see if the message is even being delivered but non the debugs i have attempted seem to offer any good information.
Anyone have any suggestions?
Thanks,
JoeHi Joe,
I dont really know what you are trying to do with the COA , as it is used in the CWA solution and BYOD solution as well. But even before trying that , I would advise you to go step by step and solve the n/w issue first. You are able to see the request from service port which should not happen because then the incoming/outgoing traffic takes different path. You must be facing this situation as you might have some network routes matching ISE subnet/Ip address in the GUI>Controller>Network routes as there is no need of those routes. If the service port needs to be used during controller down scenario then use a laptop in the same subnet of Service port ip and connect to the service port.
Regards
Dhiresh
**Please rate helpful posts** -
ISE - Guest Access (without portal)
Hi Guys,
I have a customer who current is using the cwa portal for guest access. Corporate use will be added in the future sometime next year.
Kit involved:
5508 - Internal (Inside Net)
5508 - Anchor (DMZ Net)
ISE - Inside Net
3600 APs
Presently, guest user connects, anchored to DMZ 5508, issued IP address from server in DMZ and DNS redirect to the web portal from same server. guest logs in and internet access through ASA and then content filtering box.
They want a solution whereby they do not have to use the portal for corporate user with their own devices such as ipads. I know BYOD is a possiblity but would involve using a CA server on the inside of the network. This is not something I'm keen as it opens a channel from the guest network directly to their AD infrastructure.
I'm leaning toward PEAP authentication atm using a GoDaddy SSL cert that is already installed. This would bypass the portal system and only involve client devices being configured once.
Is there any other option that would be simple to setup as this is on a limited timescale ?
Cheers,
NickNick,
They want a solution whereby they do not have to use the portal for corporate user with their own devices such as ipads. I know BYOD is a possiblity but would involve using a CA server on the inside of the network. This is not something I'm keen as it opens a channel from the guest network directly to their AD infrastructure.
If you are referring to supplicant provisioning, the scep enrollment request is proxied from ISE and the private key and cert is transferred to the endpoint. This doesnt require your guest network having direct access to AD....just to ISE.
Tarik Admani
*Please rate helpful posts* -
ISE guest access - can't match on Optional Data fields
Hi all
I need to have 2 different types of guest users that will get different level of access with DACL / Airspace ACL
I thought that best way to do that is simply matching one of optional data fields you can setup in Sponsor Portal
Unfortunately as soon as I reference Optional Data field in Authorization rule I get no match. Can't also match on username which would not help anyway.
getting redirected, login, getting redirected again etc.......
This is affecting both wireless and wired.
As soon as I remove that additonal condition from authz rule guest access works fine - getting redirected, log in, surf the internet.
Is this is bug with ISE that you can't match guest optional data fields?Hi evnafets,
You were right. How silly I am didnt see that small thing- but STILL PROBLEM IS UNSOLVED.
[ore]
java.sql.SQLException: [Microsoft][ODBC Microsoft
Access Driver] Missing ), ], o
r Item in query expression 'Post_Date LIKE
to_date('04-06-2005',' dd/MM/yyyy''.
Like it says, you have a missing ")" character
rs=stmt.executeQuery("SELECT Name FROM
NoticeBoardTable WHERE Post_Date LIKE to_date('"+
date_str+"', 'dd/MM/yyyy' <--HERE NEED A CLOSING
BRACKET ");
When I did this it said to_date function is not available that because Ms-access doesn't have this function. Then I just changed the query to:-
rs=stmt.executeQuery("SELECT Name FROM NoticeBoardTable WHERE Post_Date LIKE "+ date_sql ); . Although it didnt generate any exception, but dont show any record.
But even better would be to use a prepared
statement.
String sql = "SELECT Name FROM NoticeBoardTable
WHERE Post_Date LIKE ?";
PreparedStatement stmt = con.prepareStatement(sql);
stmt.setDate(1, date_sql);
ResultSet rs = stmt.executeQuery();
I had prepared statement in my final servlet, I made this one just to check why its not working on dates. Also on your advice I changed it to prepared statement. It runs fine but didn't show any record with date 04-06-2005 although I have it in my database (not generating any exception).
I print the sql date throuht servlet just to check , its showing 2005-06-04. May be its formate problem.
Thanks
Regards -
Guest Access Redirect accepting AD credentials
I have a 2106 controller with a guest access SSID on a isolated vlan 192. The guest SSID is setup for webauth and redirects all traffic to the isolated vlan 192. There is a RADIUS server handling AD authentications on the native management vlan. The dhcp scope on the guest access (192) vlan resides on a watchguard firewall. When I connect to the guest SSID with a WLC resident account and password I am allowed internet access fine. When I use a AD account and password from the rest of the network I am also allowed on fine. Anyone seen this before? I should not be able to even to see the AD server from the isolated VLAN much less have the controller see it as a valid login. I get an IP address from the isolated vlan and I can not ping my protected (all other vlans) network. The problem is I can not monitor content easily or filter where my AD users are going if they connect to the guest SSID. Code is older version 4.0.217.0 and I will upgrade unit to 4.1.185 this week but I suspect the problem will still exist.
I am posting this as I have found my problem. This is bug number CSCsh35098. In this bug the if the Web account for the local user fails then the authentication request will be forwarded to a RADIUS server if one is configured on the controller. It over rides the WLAN setting to not have a RADIUS authentication. The work around is to change the RADIUS authentication from PAP to CHAP or MD5-CHAP as this will not allow the RADIUS to authenticate.
-
ISE 1.2 redirect to origin URL after successful login
Hi, is there a possibility to redirect guests to the URL they tiped in, before they had to authenticate? We're running ISE 1.2., the webserver is running on it and after login the user has to retype the URL he wants to visit.. it would be great if the user would be automatically redirected..
Thanks!
KRISE is set up to do this with the latest patch (Patch 5). Now we are just waiting on new code for the rest of the NADs to implement this.
Actually, support was added to 1.2 P5, but it is up to access devices to add the support for forwarding the URL in redirect request to ISE. I believe WLC will be first to do so in 8.0 timeframe. -
ISE Guest Portal redirection not working
I have built a lab at home. I have a Win2008 Server for AD/DNS, ISE 1.2 (VM trial), a 3560-cg switch, 2500 WLC and 2602i AP. I have configured everything as per the documentations online. My issue is that when I connect to the open SSID, it gets connected and has the dns server populated as well, but the redirection never takes place. I can search for google or cnn.com but it just stays at looking up host or something. However, if i take the redirect URL from the WLC and then do it on the browser, it does go to the guest portal. Let me know what issues I can see and if there is any other information I can provide.
Issue resolved.
Since my lab environment didnt have access to the internet and hence dns servers 8.8.8.8 would not resolve any public ips. But when an address is resolvable by a dns then it redirects nicely. For test I created a dns entry on the dns server itself and tested it.
Sent from Cisco Technical Support Android App -
Dears
i have configured everything right for the Gusset login and everything is going the way i want except one thing that the switch doesn’t force the quest to web directed to the ISE login paged however the ouput of the below command looks perfect and when i copy the url manually it works .. so how can i make it automatically ?
ISE-SWITCH#sh authen se int f0/12
Interface: FastEthernet0/12
MAC Address: c80a.a96a.47b1
IP Address: Unknown
User-Name: C8-0A-A9-6A-47-B1
Status: Authz Success
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: multi-auth
Oper control dir: both
Authorized By: Authentication Server
Vlan Group: N/A
ACS ACL: xACSACLx-IP-CENTRAL_WEB_AUTH-50683952
URL Redirect ACL: ACL-WEBAUTH-REDIRECT
URL Redirect: https://EG1SHQ06.HEIWAY.NET:8443/guestportal/gateway?sessionId=0A8B080600000005001ECF63&action=cwa
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A8B080600000005001ECF63
Acct Session ID: 0x00000007
Handle: 0xD9000005
Runnable methods list:
Method State
mab Authc Success
dot1x Not run
ISE-SWITCH#sh ip access-l
Extended IP access list ACL-WEBAUTH-REDIRECT
10 deny ip any host 10.139.8.216
11 permit tcp any any eq www
12 permit tcp any any eq 443
Extended IP access list Auth-Default-ACL-OPEN
10 permit ip any any (314 matches)
Extended IP access list xACSACLx-IP-CENTRAL_WEB_AUTH-50683952 (per-user)
10 permit udp any any eq domain
20 permit icmp any any
30 permit tcp any any eq www
40 permit tcp any any eq 443
50 permit tcp any host 10.139.8.216 eq 8443i did this changes and even upgraded the switch IOS to 12.2(58)SE2 but no luck ,
any other idea?
ISE-SWITCH#sh ip access-l
Extended IP access list ACL-DEFAULT
10 permit udp any eq bootpc any eq bootps
20 permit udp any any eq domain
30 permit icmp any any
40 permit udp any any eq tftp
50 permit tcp any host 10.139.8.216 eq www
60 permit tcp any host 10.139.8.216 eq 443
70 permit tcp any host 10.139.8.216 eq 8443
80 permit tcp any host 10.139.8.216 eq 8905
90 permit udp any host 10.139.8.216 eq 8905
100 permit udp any host 10.139.8.216 eq 8906
110 permit tcp any host 10.139.8.216 eq 8080
120 permit udp any host 10.139.8.216 eq 9996
130 deny ip any any log
Extended IP access list ACL-POSTURE-REDIRECT
10 deny udp any any eq domain
20 deny udp any host 10.139.8.216 eq 8905
30 deny udp any host 10.139.8.216 eq 8906
40 deny tcp any host 10.139.8.216 eq 8443
50 deny tcp any host 10.139.8.216 eq 8905
60 deny tcp any host 10.1.252.21 eq www
70 permit ip any any
Extended IP access list ACL-WEBAUTH-REDIRECT
10 deny ip any host 10.139.8.216
20 permit tcp any any eq www
30 permit tcp any any eq 443
Extended IP access list Auth-Default-ACL-OPEN
10 permit udp any eq bootpc any eq bootps
20 permit udp any any eq domain
30 permit icmp any any
40 permit udp any any eq tftp
50 permit tcp any host 10.139.8.216 eq www
60 permit tcp any host 10.139.8.216 eq 443
70 permit tcp any host 10.139.8.216 eq 8443
80 permit tcp any host 10.139.8.216 eq 8905
90 permit udp any host 10.139.8.216 eq 8905
100 permit udp any host 10.139.8.216 eq 8906
110 permit tcp any host 10.139.8.216 eq 8080
120 permit udp any host 10.139.8.216 eq 9996
130 deny ip any any
Extended IP access list xACSACLx-IP-CENTRAL_WEB_AUTH-50683952 (per-user)
10 permit udp any any eq domain
20 permit icmp any any
30 permit tcp any any eq www
40 permit tcp any any eq 443
50 permit tcp any host 10.139.8.216 eq 8443 -
Cisco ISE - Guest Access With Google Chrome
We've implemented the self provisioning guest portal/Guest SSID and it seems to work great for internet explorer, if a user uses Google Chrome to go through the setup the password is generated, they login and accept the terms and conditions, but then they get hung up on the WLC URL and then have to start self provisioning again.
Any ideas?Please check the below browser requirements :
Supported Operating Systems and Browsers for Sponsor, Guest, and My Devices Portals
These Cisco ISE portals support the following operating system and browser combinations. These portals require that you have cookies enabled in your web browser.
Table 8 Supported Operating Systems and Browsers
Supported Operating System Browser Versions
Google Android 1 4.0.4, 4.0.3, 4.0, 3.2.1, 3.2, 2.3.6, 2.3.3, 2.2.1, 2.2
•Native browser
Apple iOS 6, 5.1, 5.0.1, 5.0
•Safari 5, 6
Apple Mac OS X 10.5, 10.6, 10.7, 10.8
•Mozilla Firefox 3.6, 4, 5, 9
•Safari 4, 5, 6
•Google Chrome 11
Microsoft Windows 82
•Microsoft IE 10
Microsoft Windows 73
•Microsoft IE 9
•Mozilla Firefox 3.6, 5, 9
•Google Chrome 11
Microsoft Windows Vista, Microsoft Windows XP
•Microsoft IE 6, 7, 8
•Mozilla Firefox 3.6, 9
•Google Chrome 5
Red Hat Enterprise Linux (RHEL) 5
•Mozilla Firefox 3.6, 4, 5, 9
•Google Chrome 11
Ubuntu
•Mozilla Firefox 3.6, 9 -
Cannot access Grid Control URL after installation
I have installed Oracle Grid Control 11.1.0.1.0 for Linux x86-64 (64-bit). I can't access below URL
1. Enterprise Manager Grid Control URL: https://ccoshs02xvoem01.ccosvc.com:7799/em
2. Admin Server URL: https://ccoshs02xvoem01.ccosvc.com:7101/console
[oracle@ccoshs02xvoem01 oracle]$ $OMS_HOME/bin/emctl start oms
Oracle Enterprise Manager 11g Release 1 Grid Control
Copyright (c) 1996, 2010 Oracle Corporation. All rights reserved.
Starting WebTier...
WebTier Successfully Started
Starting Oracle Management Server...
Oracle Management Server Already Started
Oracle Management Server is Up
[root@ccoshs02xvoem01 ~]# netstat -anp | grep 799
tcp 0 0 :::7799 :::* LISTEN 26461/httpd.worker
[root@ccoshs02xvoem01 ~]# netstat -anp | grep 7101
tcp 0 0 ::ffff:172.30.1.31:7101 :::* LISTEN 18452/java
tcp 0 0 ::ffff:172.30.1.31:7101 ::ffff:172.30.1.31:53507 ESTABLISHED 18452/java
tcp 0 0 ::ffff:172.30.1.31:7101 ::ffff:172.30.1.31:54364 ESTABLISHED 18452/java
tcp 0 0 ::ffff:172.30.1.31:54364 ::ffff:172.30.1.31:7101 ESTABLISHED 22561/emagent
tcp 0 0 ::ffff:172.30.1.31:53507 ::ffff:172.30.1.31:7101 ESTABLISHED 20994/java
tcp 0 0 ::ffff:172.30.1.31:53496 ::ffff:172.30.1.31:7101 ESTABLISHED 20994/java
tcp 0 0 ::ffff:172.30.1.31:53487 ::ffff:172.30.1.31:7101 ESTABLISHED 20994/java
tcp 0 0 ::ffff:172.30.1.31:7101 ::ffff:172.30.1.31:53496 ESTABLISHED 18452/java
tcp 0 0 ::ffff:172.30.1.31:7101 ::ffff:172.30.1.31:53487 ESTABLISHED 18452/java
Please can I know what needs to be done to access Grid Control.weblogic.management.ManagementException: Unable to obtain lock on /u01/app/oracle/Middleware/oms11g/user_projects/domains/GCDomain/servers/EMGC_ADMINSERVER/tmp/EMGC_ADMINSERVER.lok. Server may already be running
at weblogic.management.internal.ServerLocks.getServerLock(ServerLocks.java:159)
at weblogic.management.internal.ServerLocks.getServerLock(ServerLocks.java:58)
at weblogic.management.internal.DomainDirectoryService.start(DomainDirectoryService.java:73)
at weblogic.t3.srvr.ServerServicesManager.startService(ServerServicesManager.java:461)
at weblogic.t3.srvr.ServerServicesManager.startInStandbyState(ServerServicesManager.java:166)
at weblogic.t3.srvr.T3Srvr.initializeStandby(T3Srvr.java:749)
at weblogic.t3.srvr.T3Srvr.startup(T3Srvr.java:488)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:446)
at weblogic.Server.main(Server.java:67)
>
<Feb 1, 2011 2:49:22 PM GMT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Feb 1, 2011 2:49:22 PM GMT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Feb 1, 2011 2:49:22 PM GMT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
Do I need to reboot the server.
I have restart OMS -
Redirect to url after flash video completes
I've embedded a .flv file using Insert/media/flash video in
DW 8.02. Is there some way I can get it to redirect to a specific
url once the movie completes?
The only options currently seem to be stop/rewind.
Thanks,
Rashid.RashidK wrote:
> I've embedded a .flv file using Insert/media/flash video
in DW 8.02. Is there
> some way I can get it to redirect to a specific url once
the movie completes?
>
> The only options currently seem to be stop/rewind.
>
> Thanks,
>
> Rashid.
>
you have to set this up in the flash file (in ActionScript).
when it reaches the end:
getURL("redirectpage.html");
seb ( [email protected])
http://webtrans1.com | high-end web
design
Downloads: Slide Show, Directory Browser, Mailing List -
HTTP/1.1: 10.4.5 404 Not Found Error while accessing the odsm url
Hi experts,
I 've installed OID 11.1.1.6 on weblogic server 10.6.. on Oracle linux 6.0
The Installation went fine And I am able to lauch the odsm default url http:\\localhost:7005/odsm and even chnaged the cn=orcladmin User password.
Also created few user and Groups using odsm,
However when i tried to access the odsm url after restarting the Admin & managed server . I am unable to access the odsm url. for that i tired to deploy the odsm.ear on Admin server but it failed getting the following error.
in the Adminserver.log file
2013 8:33:59 AM IST> <Error> <Console> <idm.oracle.com> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1371956639366> <BEA-240003> <Console encountered the following error weblogic.management.DeploymentException: [J2EE:160149]Error while processing library references. Unresolved application library references, defined in weblogic-application.xml: [Extension-Name: adf.oracle.domain, exact-match: false].
at weblogic.application.internal.flow.CheckLibraryReferenceFlow.prepare(CheckLibraryReferenceFlow.java:26)
at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
at weblogic.application.internal.EarDeployment.prepare(EarDeployment.java:59)
at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
at weblogic.deploy.internal.targetserver.operations.ActivateOperation.createAndPrepareContainer(ActivateOperation.java:208)
at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doPrepare(ActivateOperation.java:98)
at weblogic.deploy.internal.targetserver.operations.AbstractOperation.prepare(AbstractOperati
<Warning> <Deployer> <idm.oracle.com> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1371956639265> <BEA-149004> <Failures were detected while initiating deploy task for application 'odsm [Version=11.1.1.2.0]'.>
####<Jun 23, 2013 8:33:59 AM IST> <Warning> <Deployer> <idm.oracle.com> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1371956639268> <BEA-149078> <Stack trace for message 149004
And in wls_ods1.log file got the following error
<BEA-149265> <Failure occurred in the execution of deployment request with ID '1371955199392' for task '0'. Error is: 'weblogic.management.DeploymentException: [J2EE:160149]Error while processing library references. Unresolved application library references, defined in weblogic-application.xml: [Extension-Name: adf.oracle.domain, exact-match: false].'
weblogic.management.DeploymentException: [J2EE:160149]Error while processing library references. Unresolved application library references, defined in weblogic-application.xml: [Extension-Name: adf.oracle.domain, exact-match: false].
at weblogic.application.internal.flow.CheckLibraryReferenceFlow.prepare(CheckLibraryReferenceFlow.java:26)
at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
Than i tired to deploy the odsm.ear on managed server i.e wls_ods1 and later on both but got the same error.
Also There is no issue with the oidsrv or oidladpd proccess as with the start/stop of oid* related proccesses using opmnctl
Please see the following.
e@idm stage]$ oidctl connect=OIDDB status -diag
oidctl : INSTANCE_NAME is not set, defaulting to inst1
oidctl : COMPONENT_NAME is not set, defaulting to oid1
NLS_LANG not set in environment
Setting NLS_LANG to AMERICAN_AMERICA.AL32UTF8
+--------------------------------------------------------------------------+
| Process | PID | InstName | CompName |Inst#| Port | Sport |
+--------------------------------------------------------------------------+
| oidmon | 25968 | asinst_1 | oid3 | 0| | |
+--------------------------------------------------------------------------+
| oidldapd disp| 26010 | asinst_1 | oid3 | 1| 3060 | 3131 |
| oidldapd serv| 26021 | asinst_1 | oid3 | 1| 3060 | 3131 |
| Config DN | cn=oid3,cn=osdldapd,cn=subconfigsubentry |
+--------------------------------------------------------------------------+
+--------------------------------------------------------------------------+
|Printing LDAP Operation in progress status ... |
+--------------------------------------------------------------------------+
OIDLDAPD_PID: 26021 WorkerID: 9 DBSID: 263 DBPID: 26075 ==> IDLE
+--------------------------------------------------------------------------+
OIDLDAPD_PID: 26021 WorkerID: 11 DBSID: 527 DBPID: 26078 ==> IDLE
+--------------------------------------------------------------------------+
OIDLDAPD_PID: 26021 WorkerID: 8 DBSID: 8 DBPID: 26080 ==> IDLE
+--------------------------------------------------------------------------+
OIDLDAPD_PID: 26021 WorkerID: 13 DBSID: 133 DBPID: 26108 ==> IDLE
+--------------------------------------------------------------------------+
OIDLDAPD_PID: 26021 WorkerID: 10 DBSID: 526 DBPID: 26056 ==> IDLE
+--------------------------------------------------------------------------+
OIDLDAPD_PID: 26021 WorkerID: 12 DBSID: 650 DBPID: 26058 ==> IDLE
+--------------------------------------------------------------------------+
Cache Max Size : 209716224
Max Entries configured : 100000
Max Entries cached : 0
Num Entries in Cache : 0
Num Entries in GC : 0
Page size : 102392
Entry cache Hit count : 0
Entry cache Mis count : 0
Hash Area bytes used : 13031472
Hash Area blocks used : 138
ResultSet cache bytes used : 0
Resultset cache blocks used : 0
Entry cache bytes used : 0
Cache memory used
: 13031472
[oracle@idm stage]$ opmnctl status -l
Processes in Instance: asinst_1
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
ias-component
| process-type
|
pid | status |
uid | memused |
uptime | ports
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
ohs1
| OHS
| 25970 | Alive
|
1803561142 | 2127440 | 38:11:26 | https:9999,https:4443,http:7777
oid3
| oidldapd
| 26021 | Alive
|
1803561144 | 1425784 | 38:11:26 | N/A
oid3
| oidldapd
| 26010 | Alive
|
1803561143 | 435572 | 38:11:26 | N/A
oid3
| oidmon
| 25968 | Alive
|
1803561141 | 888088 | 38:11:26 | LDAPS:3131,LDAP:3060
EMAGENT
| EMAGENT
| 25967 | Alive
|
1803561140 | 106100 | 38:11:26 | N/A
$ netstat -an |grep 3060
tcp
0
0 :::3060
LISTEN
[oracle@idm stage]$ ps -ef |grep 3060
oracle
7368 2130 0 05:53 pts/0
00:00:00 grep 3060
oracle 26021
1 9 Jun24 ?
03:33:54 oidldapd
control=26010 connect=oiddb debug=0 configset=0 instance=1 key=26748
host=idm.oracle.com logchange=TRUE port=3060 sport=3131
[oracle@idm stage]$ tnsping OIDDB
TNS Ping Utility for Linux: Version 11.1.0.7.0 - Production on 26-JUN-2013
05:53:20
Copyright (c) 1997, 2008, Oracle. All rights reserved.
Used parameter files:
/idm/Middleware/Oracle_IDM2/network/admin/sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact
(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=idm.oracle.com)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=idmoid.oracle.com)))
OK (0 msec)
Also I am able to access oracle HTTP server web page i.e
http://idm.oracle.com:7777/
Could anyone suggest as why after restarting the server am not able to access the odsm url and getting error in deploying the odsm.ear file.
Also after struggling with this error for 3 days i tried to Reinstall the oid after completely uninstalling it. But as soon as i restarted the server The odsm url become inaccessible
and getting the same Old error.
Also one Important things that i observed that before restarting the Admin & managed server when the odsm url was accessible when i do grep the port 3060 i.e
root@idm config]# netstat -an |grep 3060
tcp 0 0 :::3060 :::*
LISTEN
tcp 0 0 ::ffff:192.168.122.13:3060 ::ffff:192.168.122.13:24645
ESTABLISHED
tcp 0 0 ::ffff:192.168.122.13:24645 ::ffff:192.168.122.13:3060
ESTABLISHED
tcp 0 0 ::ffff:192.168.122.13:3060 ::ffff:192.168.122.13:58065
ESTABLISHED
tcp 0 0 ::ffff:192.168.122.13:58065 ::ffff:192.168.122.13:3060
ESTABLISHED
After the restart of server i got this output of 3060 port
$ netstat -an |grep 3060
tcp
0
0 :::3060
LISTEN
I could not understand why this truncated output of 3060 port even though all opmn manged proccess working fine as it's obvious from the out put from
$ oidctl connect=OIDDB status -diag And $ opmnctl status -l commands output which i 've posted above.
and am able start/stop oid related proccess from opmnct command
Please Help. as am really struggling to work around the issue.
Thanks & Regards
PriyaIf what that guys said about it being :7001/em doesn't work, When you configured your domain did you check the box that says Oracle Enterprise Manager. We had the same thing happen to us one time and it's because we didn't install it you have to check that box for it to be installed.
-
ISE no redirect to origin URL after guest login
Hi, is there a possibility to redirect a guest user to the origin URL after he logged in successfully?
Right now the attached file is what the user sees after login.
Thanks!The first method is local web authentication. In this case, the WLC redirects the HTTP traffic to an internal or external server where the user is prompted to authenticate. The WLC then fetches the credentials (sent back via an HTTP GET request in the case of an external server) and makes a RADIUS authentication. In the case of a guest user, an external server (such as Identity Services Engine (ISE) or NAC Guest Server (NGS)) is required because the portal provides features such as device registering and self-provisioning. The flow includes these steps:
The user associates to the web authentication Service Set Identifier (SSID).
The user opens the browser.
The WLC redirects to the guest portal (such as ISE or NGS) as soon as a URL is entered.
The user authenticates on the portal.
The guest portal redirects back to the WLC with the credentials entered.
The WLC authenticates the guest user via RADIUS.
The WLC redirects back to the original URL.
This flow includes several redirections. The new approach is to use central web authentication. This method works with ISE (versions later than 1.1) and WLC (versions later than 7.2). The flow includes these steps:
The user associates to the web authentication SSID, which is in fact open+macfiltering and no layer 3 security.
The user opens the browser.
The WLC redirects to the guest portal.
The user authenticates on the portal.
The ISE sends a RADIUS Change of Authorization (CoA - UDP Port 1700) to indicate to the controller that the user is valid, and eventually pushes RADIUS attributes such as the Access Control List (ACL).
The user is prompted to retry the original URL.
Maybe you are looking for
-
Problems setting up WiFi in Linux Mint 6
Hey Guys, I'm running a 32bit version of Linux Mint 6 on my T60. I need a hand setting up my wireless connection. It boggles my mind, I am able to see the wireless network in my 'available networks' option. I am just not able to connect to it. Anyone
-
Security issues with applets and windows Vista when printing to file
Hi, everyone I am currently developing an application that prints out the result of some calculations. from a Javascript file, the output finally ends up in a java applet that should print the file in a special printer. For debugging purposes I have
-
Brush issue on surface pro 3 (screenshot)
This is happening on my canvas when I try to draw with the pen tool. When I make a stroke, the line becomes long and straight automatically, thus make me unable to draw. Could someone tell me why this happening? I'm using the latest update of flash p
-
Problem while calling RFC in java
hi, I writed a java program calling a batch input RFC. The RFC return an internal table which storing the system messages of the batch input process. My problem is: When i debug the java program,the RFC excecuted and return the correct internal tab
-
"Deceased" Infintiy/HH3 network still operational
Hello, Can someone explain the following phenomenon to me? I recently switched to BT Infinty; I was supplied an OpenReach VDSL modem and a HomeHub3. As I have been having some problems, Infinity tech support finally sent me a replacement HH3 (with it