Issue with Authentication using JAAS for coherence

Similar Messages

• An issue with authentication and authorization on ISE 1.2

  Hi, I'm new to ISE.
  I have an issue with authentication and authorization.
  I have ISE 1.2 plus patch 6 installed on VMware.
  I have built-in Windows XP supplicant and 2960 cisco switch with IOS c2960-lanbasek9-mz.150-2.SE5.bin
  On supplicant I use EAP(PEAP) with EAP-MSCHAP v2.
  I created  authentication and authorization rules with Active Directory  as External Identity Source. Also I applied  authorization profile with DACL.I login on Windows XP machine under different Active Directory accounts. Everything works fine (authentication, authorization ), but only for several hours. After several hours passed , authentication and authorization stop working . I can see that ISE trying authenticate and authorize users, but ISE always use only one account for  authentication and authorization . Even if I login under different accounts ISE continue to use only one last account.
  I traied to reboot switch and PC,but it didn’t help. Only rebooting of ISE helps. After ISE rebooting, authentication and authorization start to work properly for several hours.
  I don’t understand is it a glitch or I misconfigured ISE or switch, supplicant?
  What  should I do to resolve this issue?
  Switch configuration:
   testISE#sh runn
  Building configuration...
  Current configuration : 7103 bytes
  ! Last configuration change at 12:20:15Tue Apr 15 2014
  ! NVRAM config last updated at 10:35:02  Tue Apr 15 2014
  version 15.0
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname testISE
  boot-start-marker
  boot-end-marker
  no logging console
  logging monitor informational
  enable secret 5 ************
  enable password ********
  username radius-test password 0 ********
  username admin privilege 15 secret 5 ******************
  aaa new-model
  aaa authentication dot1x default group radius
  aaa authorization network default group radius
  aaa authorization auth-proxy default group radius
  aaa accounting update periodic 5
  aaa accounting dot1x default start-stop group radius
  aaa server radius dynamic-author
   client 172.16.0.90 server-key ********
  aaa session-id common
  clock timezone 4 0
  system mtu routing 1500
  authentication mac-move permit
  ip dhcp snooping vlan 1,22
  ip dhcp snooping
  ip domain-name elauloks
  ip device tracking probe use-svi
  ip device tracking
  epm logging
  crypto pki trustpoint TP-self-signed-1888913408
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-1888913408
   revocation-check none
   rsakeypair TP-self-signed-1888913408
  crypto pki certificate chain TP-self-signed-1888913408
  dot1x system-auth-control
  spanning-tree mode pvst
  spanning-tree extend system-id
  vlan internal allocation policy ascending
  ip ssh version 2
  interface FastEthernet0/5
   switchport mode access
   ip access-group ACL-ALLOW in
   authentication event fail action next-method
   authentication event server dead action reinitialize vlan 1
   authentication event server alive action reinitialize
   authentication host-mode multi-auth
   authentication open
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer reauthenticate server
   authentication violation restrict
   mab
   dot1x pae authenticator
   dot1x timeout tx-period 10
   spanning-tree portfast
  interface FastEthernet0/6
   switchport mode access
   ip access-group ACL-ALLOW in
   authentication event fail action next-method
   authentication event server dead action reinitialize vlan 1
   authentication event server alive action reinitialize
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer reauthenticate server
   authentication violation restrict
   mab
   dot1x pae authenticator
   dot1x timeout tx-period 10
   spanning-tree portfast
  interface FastEthernet0/7
  interface Vlan1
   ip address 172.16.0.204 255.255.240.0
   no ip route-cache
  ip default-gateway 172.16.0.1
  ip http server
  ip http secure-server
  ip access-list extended ACL-ALLOW
   deny   icmp any host 172.16.0.1
   permit ip any any
  ip radius source-interface Vlan1
  logging origin-id ip
  logging source-interface Vlan1
  logging host 172.16.0.90 transport udp port 20514
  snmp-server community public RO
  snmp-server community ciscoro RO
  snmp-server trap-source Vlan1
  snmp-server source-interface informs Vlan1
  snmp-server enable traps snmp linkdown linkup
  snmp-server enable traps mac-notification change move
  snmp-server host 172.16.0.90 ciscoro
  radius-server attribute 6 on-for-login-auth
  radius-server attribute 6 support-multiple
  radius-server attribute 8 include-in-access-req
  radius-server attribute 25 access-request include
  radius-server dead-criteria time 5 tries 3
  radius-server vsa send accounting
  radius-server vsa send authentication
  radius server ISE-Alex
   address ipv4 172.16.0.90 auth-port 1812 acct-port 1813
   automate-tester username radius-test idle-time 15
   key ******
  ntp server 172.16.0.1
  ntp server 172.16.0.5
  end

  Yes. Tried that (several times) didn't work.  5 people in my office, all with vers. 6.0.1 couldn't access their gmail accounts.  Kept getting error message that username and password invalid.  Finally solved the issue by using Microsoft Exchange and "m.google.com" as server and domain and that the trick.  Think there is an issue with imap.gmail.com and IOS 6.0.1.  I'm sure the 5 of us suddently experiencing this issue aren't the only ones.  Apple will figure it out.  Thanks.

• Directory Caching issue with Cisco Jabber client for Windows

  Hi ,
  I am facing cache issue with Cisco Jabber client for Windows. If I do any change related to modification or deletion of contacts in Active Directory/ Callmanager, it does not reflect in the Jabber. Because jabber takes the contacts from the locally stored cache file in the Windows system.
  Every time I have to remove the cache file to overcome this issue, practically it's not possible to do the same with all the Widows users. As, if any employee leaves the company and still I can see his contact appears in the "Cisco Jabber client". I have not seen this issue with Android/Apple iOS.
  Is there any automated way to remove the cache file? 
  Here is the detail of CUCM,Presence and Jabber.
  CUCM version: 9.1.x
  Presence          : 9.1.X
  Jabber              : 10.5 and 10.6

  Hello
  On our environment we had to install a dedicated Microsoft Certificate Authority "just for Cisco Jabber usage" to house the
  Network Device Enrollment Service.
  Our certificate for the CUPS were generated on this Certification Authority too.
  I discussed this certificate matter with my colleagues this afternoon and nobody seems to remember how these certificates were deployed into the
  Enterprise Trust store for the users.
  But I think they asked all 400 users to accept the 3 certificates by answering "yes" to the popup instead of using a script deployed by GPO...
  I wish you success with that deployment and really hope you have a technical partner that *Knows* this subject.
  Our partner left us alone with that unfortunately.
  Florent
  EDIT: If the "Certutil script method" works, please let me know. This could be useful in our own deployment.

• Issue with Audit Vault Collector for Peoplesoft-MS Sql Server

  Experts,
  Requesting your valuable inputs regarding below issue :
  Environment:
  - Peoplesoft with SQL Server 2008
  - Oracle Audit Vault.
  Current issue with Audit Vault collector for SQL server is that it is not giving PSFT login ID instead it is giving Peoplesoft DB service Account ID.
  Is this expected ?. If yes, what is the workaround ? Can Database Firewall is a best option to capture PSFT login ID ?
  Thanks

  Hi Rabi ,
    just do one think here ..
  During data source creation , in the Additional tab area , in the SQL Engine session , select "Vendor SQL"  instead of "Open SQL".
  HOw could u create data source without selecting the driver corrsponding to MS SQL.?
  it is recommended to download the latest Driver and use this for Driver creation.
  let me know ..
                                     Regards
                                     Kishor Gopinathan

• Issue with voice over narration for a presentation

  When I record a voice over narration (Keynote 09) and then play back - the slides do not always play back with the sound. It seems to be an issue with slides using a build-up ... although it finishes - it then sticks and the sound for the next slide carries on out of sync to the visual - EG - every time I try it happens on the same slides - A good example is one that is followed by a .mov built into a slide. The sound track runs before the new slide image appears - Also I have problems with the movie - as the sound from the .mov file does not come through, so I have to record the movie sound on the narration rack .. confused!?

  It sounds like you are making too many assumptions and not actually testing anything.
  For instance, emoji may not cause issues for other contacts (maybe it is and you don't know it) but if I were testing this issue, the first thing I would do is remove the emoji from the contact info.
  Next thing I would do is make a fake contact called "Home Other". And see if the Voice Control asks you to pick between Home and Home Other
  Another thing I would do is add multiple numbers for your home contact (real or fake) And see if you can get the Voice control to find the contact and ask you what number you want to pick. (home or mobile)
  And last thought that I had....You mentioned that the Voice Control dials a random person every time, but how random is it really? Are you sure that part of these people's names don't phonetically sound similar to the word Home?

• [svn:fx-trunk] 12982: Fix for issue with exposing accessible names for combobox list items

  Revision: 12982
  Revision: 12982
  Author:   [email protected]
  Date:     2009-12-15 20:44:23 -0800 (Tue, 15 Dec 2009)
  Log Message:
  Fix for issue with exposing accessible names for combobox list items
  QE notes: none
  Doc notes: none
  Bugs: n/a
  Reviewer: Gordon
  Tests run: checkintests
  Is noteworthy for integration: no
  Modified Paths:
      flex/sdk/trunk/frameworks/projects/spark/src/spark/accessibility/ComboBoxAccImpl.as
      flex/sdk/trunk/frameworks/projects/spark/src/spark/accessibility/ListBaseAccImpl.as

  Add this to the end of your nav p CSS selector at Line 209 of your HTML file, after 'background-repeat...':
  margin-bottom: -2px;
  Your nav p will then look like this:
  nav p {
            font-size: 90%;
            font-weight: bold;
            color: #FFC;
            background-color: #090;
            text-align: right;
            padding-top: 5px;
            padding-right: 20px;
            padding-bottom: 5px;
            border-bottom-width: 2px;
            border-bottom-style: solid;
            border-bottom-color: #060;
            background-image: url(images/background.png);
            background-repeat: repeat-x;
            margin-bottom: -2px;

• Hi All, can i have some production support issues with rootcasue and resolution for SAP TM?

  Hi All, can i have some production support issues with rootcasue and resolution for SAP TM?
  Thanks,
  Sreenivas

  Hi Sreenivas,
  I would recommend that you read the Rules of Engagement and other documents in the Getting Started link (top right) before posting anymore.  Your Discussion will most likely get reported as non-specific and get removed.  If you have a specific problem with TM, please post it in a new thread with error messages, version and SPs installed, and how the error occurs and what you are trying to get TM to do.
  There are a lot of resources available in the TM Overview page which can help, so start there and maybe also look at some of the MKS (Monday Knowledge Session) recordings which should also be listed.  There are also a lot of experienced people who can help resolve issues your TM installation, but you need to provide enough information on the problems you are having.  If you are just looking for information on past problems, do a Search or simply browse through past Discussions which are marked with a green Check (Correct Answer).
  Regards, Mike
  SAP Customer Experience Group - CEG (and a Moderator)

• Issue with Alerts using BPM : Trigerred for Successful messages also

  Hi Everybody,
  I am working on configuring Alerts using BPM.
  I have followed the below blog by Micheal.
  /people/michal.krawczyk2/blog/2005/03/13/alerts-with-variables-from-the-messages-payload-xi--updated
  In BPM after the receive step I have used container and control steps to capture the Idoc Number as mentioned in the blog.
  I am facing an issue with it now as an Alert message is send to my Inbox even when the message is succesfully processed by the adapter.
  This is a strange behaviour when we talk about Alerts.
  Can somebody help me out in this?
  Thanks & Regards,
  Zabiulla

  Hi Zabiulla,
  Michal explained just the basic, the logic of your process is to build by yourself. Usually an alert will be raised inside of an exception branch. You can define exceptions for critical operations, f.e. send steps or transformations, the exception will be catched by jumping to the exception branch, where you can store a suitable reaction - f.e. an alert.
  Regards,
  Udo

• Client remote Authentication using JAAS and EJB Access

  Hi,
  I have a problem using JAAS in combination with Sun One Appserver 8.1 and a java remote client trying to access an EJB. Here is the scenario:
  I have implemented an EJB who's methods are protected through the deployment descriptor:
          <assembly-descriptor>
               <security-role>
                  <description>role for clients outside of the server </description>
                  <role-name>sedna</role-name>
                </security-role>
              <method-permission>
                <role-name>sedna</role-name>
                <method>
                  <ejb-name>ServerInfoBean</ejb-name>
                  <method-intf>Remote</method-intf>
                  <method-name>*</method-name>
                </method>
              </method-permission>
              <method-permission>
                <unchecked/>
                <method>
                  <ejb-name>ServerInfoBean</ejb-name>
                  <method-name>getVersion</method-name>
                </method>
                <method>
                  <ejb-name>ServerInfoBean</ejb-name>
                  <method-name>create</method-name>
                </method>
              </method-permission>
          </assembly-descriptor>I've deployed the EJB in a jar file which was packed into an ear file of a bigger application. The role has been mapped to the admin Principal in the sun-ejb-jar.xml descriptor.
  I can find the EJB, create it, and call the unchecked method getVersion and that works fine, so far so good.
  But then I try to access another method which is protected and then I get this exception
  org.omg.CORBA.NO_PERMISSION:   vmcid: 0x2000  minor code: 1806 completed: Maybe
          at com.sun.enterprise.iiop.POAProtocolMgr.mapException(POAProtocolMgr.java:179)
          at com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:853)
          at com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(EJBObjectInvocationHandler.java:137)
  ...I have to mention that I do make a login via the LoginContext. My jaas.config File has a reference to the com.sun.enterprise.security.auth.login.ClientPasswordLoginModule module.
  After login (which works perfectly) I lookup the context with a corbaname url which - if I understood it right - ignores the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS settings.
  After that I make the calls to the EJB. And I am allways ANONYMOUS on the server side, which is definitely the problem. Because ANONYMOUS is not allowed to call the protected EJB Methods. But I made a jaas login in advance. So where am I making a mistake???
  Am I doing something wrong?
  Need help! Thx,
  Stephan

  Hi.
  I understand correctly that you call Subject.doAs on
  the client to call the remote EJB. I guess It isn't
  right way.I had also a bad feeling about this, so I forget it. But anyway it wasn't working with or without using that doAs().
  >
  >
  Subject contextSubject =
  Subject.getSubject(AccessController.getContext());
  contextSubject.getPrincipals();This code throws exceptions in the Appserver. Unfortunately they are catched somewhere so I'm unable to find out what was going wrong. But I guess, that these exceptions where security exceptions. Never the less thanks for the hint!
  But I don't think that doing the check on the server side is the way I want to go because that is programmatically security and I want to use the declarative security which can be used through the deployment descriptor. If used correctly - and supposed I do not completely misunderstand the specification - then it should be possible to create an EJB that is protected via it's deployment descriptor and access it through the client only if the client has been authenticated through JAAS mechanisms. After successful authentication the principal should be accessible through the EJB context but not for security check, that should allready been done at this time.
  Unfortunately I don't find any resource on the internet describing the scenario in such a detail that I can reproduce it. There are only very high level documentations and hints in forums.
  Again, thanks for your effort,
  Stephan

• Using JAAS for third-party webapp

  I'm developing a webapp that will be marketed to enterprise customers. Right now, it handles its own authentication by validating the userid/password against its own user table. I'd like to give customers the ability to plug in whatever type of authentication they want, for example, one that authenticates a user against an Active Directory domain.
  It seems like JAAS was expressly designed for this purpose, but as I read up on it, I forsee all sorts of problems that could be caused by it. If I'm missing something, I'm hoping someone here can set me straight.
  According to the docs, when an app creates a LoginContext and provides it with CallbackHandlers, the LoginContext will check the Configuration to see if any LoginModules are configured for the app (based on the name parameter passed into the LoginContext). If it doesn't find one, it will look for a set of LoginModules for "other".
  Here's the behavior I would like: If there is no set of LoginModules configured specifically for my app, I do NOT want the LoginModule(s) for "other" used, since I have no clue what it/they will be. Instead, I would like to my code to be gracefully notified that no LoginModules are configured, so it can default back to its own authentication mechanism. From the looks of the API docs, however, there doesn't seem to be any surefire way to tell why a LoginException has thrown.
  I thought I might be able to check programattically to see if there's a LoginModule configured for my webapp with Configuration.getConfiguration().getAppConfigurationEntry(appName), but, 1) it looks like that will probably throw a SecurityException, and 2) it also looks like it would return the AppConfigurationEntries for "other" in the event there's no entry for my app.
  It's important that my app not require the appserver administrator to explicitly configure a LoginModule for it, since that could turn into a support nightmare; I simply want to give powerusers the ability to do so if they choose to.
  Is it possible to get the behavior I want from JAAS, without a lot of contortions and workarounds? As I said, I may be missing something, but it doesn't seem like I can.

  This is from the javadocs
  public LoginContext(String name)
  throws LoginException
  Initialize the new LoginContext object with a name.
  LoginContext uses the specified name as the index
  into the Configuration to determine which
  LoginModules should be used. If the provided name
  does not match any in the Configuration, then the
  LoginContext uses the default Configuration entry,
  "other". If there is no Configuration entry for
  "other", then a LoginException is thrown.
  Throws:
  LoginException - if the specified name does not
  appear in the Configuration and there is no
  Configuration entry for "other", or if the
  auth.login.defaultCallbackHandler security property
  was set, but the implementation class could not be
  loaded.
  The or condition here could be ignored because you
  wouldnt be using CallbackHandlers or even if you are
  using them, you could ensure that the classes are
  'loadable'.The problem is, that LoginException is going to be called for anything that goes wrong inside a LoginContext. If there is an "other" LoginModule set, but it doesn't recognize my user's name and password, then it will throw a FailedLoginException. How is my code supposed to know that the user's name/password will never be accepted by that LoginModule?
  >
  2.
  An alternative would be to provide your own
  own implementation of the abstract class
  javax.security.auth.login.Configuration overriding
  the default implementation provided by Sun. Remember, this is a third-party webapp running in an appserver with other webapps from different providers. It has to use whatever Configuration is already there.
  This is
  the same technique if you wish to provide the login
  module information in any other location than a text
  file (as is required by the default implementation)
  You could then throw specific custom exceptions
  ons from your implementation code and choose to
  handle it in the manner you desire.Even if I could do that, which I can't, as I explained, I have to keep this SIMPLE for customers who might not be very knowledgeable in the more esoteric aspects of J2EE and Java.

• Font Issue with Report Generation Toolkit for Microsoft Office

  I have been using this toolkit for only a few days now, but I just have to get this issue off my back. When developing a toolkit it would be a good idea to use the same cluster to represent fonts in ALL places. If you look at "Excel Set Graph Font" vs. "Excel Easy Table" they take two completely different clusters. Why? I don't know, but it is *very* annoying.
  How could something like this slip through the cracks? Is there some reason why there is this discrepancy? From my perspective as a software engineer I see no excuse, but maybe someone else can justify this oversight for me. I just hope that I don't find any more issues with the toolkit...
  Naveen.

  Naveen,
  what you said is true when dealing with same kind of objects, but in this circumstance, different cluster defines the font of a differnt object. For example, you may not want the user have as many options with defining the font for the X Y axis title as that for defining the text in the table. This is ture when you want your generated report to have similiar styles.
  But this is certainly something we will think about, thanks for your constructive suggestion,
  XD Gao
  Application Engineer
  National Instruments

• Issue with reversal of MIRO for Planned Delivery Cost

  Hi Xperts
  We have found out an issue while reversing the MIRO document for Planned Del costs. When we have done the MIRO, the accounting entry got correctly posted with correct account keys.Conditions are not inventoried.
  However, when we had reversed it - the stock account got hit.Do not understand, why that happened.Do you have any clue?
  1. Suppose we have done the MIRO for Del Cost & then performed GR.Now Stock has already consumed & afterwards we have found that the MIRO for Del Cost is wrong & reverse - in this scenario shall the Stock account will get a hit????
  2. I have maintained Price Control "V" in Material Master.However, I have maintained a Standard Price by mistake.In that case shall SAP ignores the MAP & takes Standard Price into account & post PRD??
  Regards
  Soumick 

  Hi,
  Before checking Planned Delivery costs accounting documents in MIRO posting and MIRO cancellation document, 1st check how Planned Delivery costs designed for your procurement process.
  Use t.code:ME23N, check your Purchase order
  Option-1:
  Is Planned Delivery costs added to inventory account and at the same time Planned Delivery costs posted to Separate Planned Delivery costs G/L account.
  OR
  Option-2:
  Is Planned Delivery costs posted to Planned Delivery costs G/L account ONLY
  OR
  Option-3:
  Is Planned Delivery costs added to inventory account ONLY.
  Based the above one setting, system  will post goods receipt and invoice posting document with corresponding accounting entries. Also cancellation of invoice posting document refer to these setting.But account posting depends on price control available in material master.
  NOTE:
  Standard price procedure (price control “S”):The system carries out all stock postings at a price defined in the material master. Variances in price are posted to price difference accounts.
  Moving average price (price control “V”): The system valuates goods receipts with the purchase order price and goods issues with the current moving average price.Differences in price between the purchase order price and the invoice are posted directly to the relevant stock account if there is sufficient stock coverage.
  Regards,
  Biju K

• Issue with Member Formula written for Balance Type

  Folks,
  I am facing an issue with a member formula written for a balance type dimension,
  The code says
  IIF( IsUda([Accounts].CurrentMember, "BalanceSheet"),
  CASE
  *WHEN IS([Time].currentmember,[YearTotal]) THEN MISSING*
  WHEN IsLevel([Time].CurrentMember, 0) THEN (BALTYPE.[EndOfPeriod])
  WHEN IS([Time].currentmember,[Q1]) THEN (BALTYPE.[EndOfPeriod],Time.[MAR])
  WHEN IS([Time].currentmember,[Q2]) THEN (BALTYPE.[EndOfPeriod],Time.[JUN])
  WHEN IS([Time].currentmember,[Q3]) THEN (BALTYPE.[EndOfPeriod],Time.[SEP])
  WHEN IS([Time].currentmember,[Q4]) THEN (BALTYPE.[EndOfPeriod],Time.[DEC])
  END
  ,MISSING)
  Outline Structure for Time dimension looks like below
  +Time
  --|+YearTotal
  ------|+Q1
  ----------|+Jan
  ----------|+Feb
  ----------|+Mar
  The highlighted Part of the code works good for all the Measures which is With the UDA tag BalanceSheet, Except if the Measure with BalanceSheet UDA is a Parent Member.
  Parent Level Measures are populated with Data(populating Dec Data) instead of showing #MISSING.
  Any help on this issue will be appreciated.
  Thanks
  Sathish

  Hello Gurus,
  I raised an SR with Oracle support and they have replied by saying that, In EPM 11.1.2.4, the IE11 is only supported for interactive reporting and we will have to use IE 10 & 9 for workspace.
  Yes. It works fine in IE 10 & 9.
  Thanks,
  Siva

• Issue with Receiver SOAP adapter for synchronous scenario

  Hello All,
  We are facing a strange issue with the SOAP adapter in the interface we have setup. This is the 1st time we are using SOAP adapter in our system (PI 7.11 SP7). We are making a synchronous HTTP call to the web service exposed by another system in our landscape. The payload is send with SOAP envelope and there are no credentials to be maintained in PI settings.
  The issue is that we are always getting timeout exception in PI audit logs after sending the request (3 minutes - standard timeout value, no additional config for this). But target system has confirmed that they are sending the response back. We tested from our server OS level and have received the response back in the same screen (to verify there is no firewall/port issue in between the systems). But when tried from RWB, it is always giving the timeout exception and we are not able to see any other log.
  We have tried checking in the NWA logs as well after increasing the logging level to ALL for com.sap.aii.adapter.soap. But surprisingly, we didn't get any logs at all for the outgoing SOAP call or incoming response and hence we are unable to trace the issue.
  We have setup another synchronous inbound SOAP interface (PI exposing the webservice) and it is working fine. We are also able to trace the logs in both audit log and NWA logs.
  Is there anywhere else we can check for the logs? Audit logs is showing timeout error and we are not able to see anything in NWA logs.
  Does the target system need to maintain PI credentials in the header when they send the synchronous response back?
  Are there any specific settings which should be checked to enable the sync communication? (this should not be the case since the inbound interface is working fine)
  Please help.
  Thanks
  Justin

  Hi Amit,
  Thanks for the reply.
  Yes we had tested successfully via SOAP UI as well (forgot to mention that). We are getting back the expected response in SOAP UI without using any credentials. We got the same response when we tested it through OS commands from PI server.
  The WS is hosted by the target system and they haven't maintained any credentials at their end. So when PI is trying to access, we don't need to provide any credentials. My question is, whether the target system should keep any credentials to send the synchronous response back to PI (java stack). We have tried that as well but since there aren't any logs, we are unable to verify whether the credentials are coming correctly.
  The service interfaces are correct and PI configuration are OK. I will try the XPI inspector for logs as you have suggested.
  Thanks
  Justin

• Display issue with LiveCycle Designer ES4 for cropped PDF in WIN7

  Hi,
  I am having issue displaying the cropped PDF file in the LiveCycle Designer ES4. The PDF files are cropped 3 inches from bottom using Adobe Acrobat 8 Professional. It used to display properly when we have a WinXP machine but once we moved to a Win7 machine, it cannot display the top part of the PDF anymore. Can anyone help on how to fix the display issue? Thanks.
  Kenny
  Environment:
  Adobe LiveCycle Designer ES4 V11.0.0.2013.0303.1.892433
  Adobe Acrobat 8.0.0
  Screenshots
  Win 7, LiveCycle Designer does not display properly
  Win XP, LiveCycle Designer used to display properly

  Thanks vNohria.
  I am having same issue with Adobe Acrobat 9. The Acrobat 9 cropped file is displaying properly under WinXP but have the same issue as above in Win7. This issue seems uncommon as I tried to look for similar issue  and couldn't find any.
  P.S. It's only the Design View in Win7 that has the issue, I can still see the file fine with Preview PDF in both enviornment.
  Design View:
  Preview PDF: