Issue with Authentication using JAAS for coherence
Hi,
I have configured security frame work using JAAS for storage enabled node,
I am using keystore for authenticating the users, Below is the code used for authentication,
Subject subject;
try{ subject = Security.login(sUsername, sPassword.toCharArray()); }
catch (Throwable t){
subject = null;
log("Authentication error:");
log(t); }
if (subject != null)
for (Iterator iter = subject.getPrincipals().iterator(); iter.hasNext(); )
Principal principal = (Principal) iter.next();
log("Principal: " + principal.getName());
Security.runAs(subject, new PrivilegedAction()
public Object run()
NamedCache cache = CacheFactory.getCache(CACHE_NAME);
boolean flag = true;
while (flag) {}
return null;
});and i am calling the above class in the callback handler which is defined in coherence operation descriptor.
<security-config>
<enabled system-property="tangosol.coherence.security">true</enabled>
<login-module-name>TestCoherence</login-module-name>
<access-controller>
<class-name>com.tangosol.net.security.DefaultController</class-name>
<init-params>
<init-param id="1">
<param-type>java.io.File</param-type>
<param-value>config/keystore.jks</param-value>
</init-param>
<init-param id="2">
<param-type>java.io.File</param-type>
<param-value>config/permissions.xml</param-value>
</init-param>
</init-params>
</access-controller>
<callback-handler>
<class-name>Test</class-name>
</callback-handler>
</security-config>I am using the following command line parameters for bringing up the storage enabled node.
-Dtangosol.coherence.security.permissions="$CONFIG_PATH/permissions.xml"
-Dtangosol.coherence.security.keystore="$CONFIG_PATH/keystore.jks"
-Djava.security.auth.login.config="$CONFIG_PATH/login.config"
-Dtangosol.coherence.security=trueNow till the callback handler thread is alive, storage enabled node will be up. As soon as the call back handler thread dies. Storage enabled node stops with the following error,
Exception in thread "main" java.lang.SecurityException: Authentication failed: Error initializing keystore
at com.tangosol.coherence.component.net.security.Standard.loginSecure(Standard.CDB:36)
at com.tangosol.coherence.component.net.security.Standard.getTempSubject(Standard.CDB:11)
at com.tangosol.coherence.component.net.security.Standard.checkPermission(Standard.CDB:18)
at com.tangosol.coherence.component.net.Security.checkPermission(Security.CDB:11)
at com.tangosol.coherence.component.util.SafeCluster.ensureService(SafeCluster.CDB:6)
at com.tangosol.coherence.component.net.management.Connector.startService(Connector.CDB:25)
at com.tangosol.coherence.component.net.management.gateway.Remote.registerLocalModel(Remote.CDB:8)
at com.tangosol.coherence.component.net.management.gateway.Local.registerLocalModel(Local.CDB:8)
at com.tangosol.coherence.component.net.management.Gateway.register(Gateway.CDB:1)
at com.tangosol.coherence.component.util.SafeCluster.ensureRunningCluster(SafeCluster.CDB:50)
at com.tangosol.coherence.component.util.SafeCluster.start(SafeCluster.CDB:2)
at com.tangosol.net.CacheFactory.ensureCluster(CacheFactory.java:948)
at com.tangosol.net.DefaultConfigurableCacheFactory.ensureService(DefaultConfigurableCacheFactory.java:748)
at com.tangosol.net.DefaultCacheServer.start(DefaultCacheServer.java:140)
at com.tangosol.net.DefaultCacheServer.main(DefaultCacheServer.java:61)
Please let me know where should i pass the credentials to the default cache server for authentication or should i change the any implementation of authentication here.
Thanks in advance,
Bhargav
Bhargav,
Rather than trying to loop forever in a callback handler try this
import com.tangosol.net.CacheFactory;
import com.tangosol.net.DefaultCacheServer;
import com.tangosol.net.security.Security;
import javax.security.auth.Subject;
import java.security.PrivilegedExceptionAction;
public class SecureCacheServer {
public static void main(final String[] args) throws Exception {
LoginContext lc = new LoginContext("Coherence");
lc.login();
Subject subject = lc.getSubject();
Security.runAs(subject, new PrivilegedExceptionAction() {
public Object run() throws Exception {
DefaultCacheServer.main(args);
return null;
}Then when you start your cache server just use the SecureCacheServer class above rather than DefaultCacheServer
As the main method of DefaultCacheServer is running in a PrivilegedExceptionAction Coherence will use this identity anywhere it needs to do anything secured.
I hope the code above compiles OK as it is a modified version of the code I really use.
Hope this helps
JK
Similar Messages
-
An issue with authentication and authorization on ISE 1.2
Hi, I'm new to ISE.
I have an issue with authentication and authorization.
I have ISE 1.2 plus patch 6 installed on VMware.
I have built-in Windows XP supplicant and 2960 cisco switch with IOS c2960-lanbasek9-mz.150-2.SE5.bin
On supplicant I use EAP(PEAP) with EAP-MSCHAP v2.
I created authentication and authorization rules with Active Directory as External Identity Source. Also I applied authorization profile with DACL.I login on Windows XP machine under different Active Directory accounts. Everything works fine (authentication, authorization ), but only for several hours. After several hours passed , authentication and authorization stop working . I can see that ISE trying authenticate and authorize users, but ISE always use only one account for authentication and authorization . Even if I login under different accounts ISE continue to use only one last account.
I traied to reboot switch and PC,but it didn’t help. Only rebooting of ISE helps. After ISE rebooting, authentication and authorization start to work properly for several hours.
I don’t understand is it a glitch or I misconfigured ISE or switch, supplicant?
What should I do to resolve this issue?
Switch configuration:
testISE#sh runn
Building configuration...
Current configuration : 7103 bytes
! Last configuration change at 12:20:15Tue Apr 15 2014
! NVRAM config last updated at 10:35:02 Tue Apr 15 2014
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname testISE
boot-start-marker
boot-end-marker
no logging console
logging monitor informational
enable secret 5 ************
enable password ********
username radius-test password 0 ********
username admin privilege 15 secret 5 ******************
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting update periodic 5
aaa accounting dot1x default start-stop group radius
aaa server radius dynamic-author
client 172.16.0.90 server-key ********
aaa session-id common
clock timezone 4 0
system mtu routing 1500
authentication mac-move permit
ip dhcp snooping vlan 1,22
ip dhcp snooping
ip domain-name elauloks
ip device tracking probe use-svi
ip device tracking
epm logging
crypto pki trustpoint TP-self-signed-1888913408
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1888913408
revocation-check none
rsakeypair TP-self-signed-1888913408
crypto pki certificate chain TP-self-signed-1888913408
dot1x system-auth-control
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
ip ssh version 2
interface FastEthernet0/5
switchport mode access
ip access-group ACL-ALLOW in
authentication event fail action next-method
authentication event server dead action reinitialize vlan 1
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
interface FastEthernet0/6
switchport mode access
ip access-group ACL-ALLOW in
authentication event fail action next-method
authentication event server dead action reinitialize vlan 1
authentication event server alive action reinitialize
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
interface FastEthernet0/7
interface Vlan1
ip address 172.16.0.204 255.255.240.0
no ip route-cache
ip default-gateway 172.16.0.1
ip http server
ip http secure-server
ip access-list extended ACL-ALLOW
deny icmp any host 172.16.0.1
permit ip any any
ip radius source-interface Vlan1
logging origin-id ip
logging source-interface Vlan1
logging host 172.16.0.90 transport udp port 20514
snmp-server community public RO
snmp-server community ciscoro RO
snmp-server trap-source Vlan1
snmp-server source-interface informs Vlan1
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps mac-notification change move
snmp-server host 172.16.0.90 ciscoro
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 5 tries 3
radius-server vsa send accounting
radius-server vsa send authentication
radius server ISE-Alex
address ipv4 172.16.0.90 auth-port 1812 acct-port 1813
automate-tester username radius-test idle-time 15
key ******
ntp server 172.16.0.1
ntp server 172.16.0.5
endYes. Tried that (several times) didn't work. 5 people in my office, all with vers. 6.0.1 couldn't access their gmail accounts. Kept getting error message that username and password invalid. Finally solved the issue by using Microsoft Exchange and "m.google.com" as server and domain and that the trick. Think there is an issue with imap.gmail.com and IOS 6.0.1. I'm sure the 5 of us suddently experiencing this issue aren't the only ones. Apple will figure it out. Thanks.
-
Directory Caching issue with Cisco Jabber client for Windows
Hi ,
I am facing cache issue with Cisco Jabber client for Windows. If I do any change related to modification or deletion of contacts in Active Directory/ Callmanager, it does not reflect in the Jabber. Because jabber takes the contacts from the locally stored cache file in the Windows system.
Every time I have to remove the cache file to overcome this issue, practically it's not possible to do the same with all the Widows users. As, if any employee leaves the company and still I can see his contact appears in the "Cisco Jabber client". I have not seen this issue with Android/Apple iOS.
Is there any automated way to remove the cache file?
Here is the detail of CUCM,Presence and Jabber.
CUCM version: 9.1.x
Presence : 9.1.X
Jabber : 10.5 and 10.6Hello
On our environment we had to install a dedicated Microsoft Certificate Authority "just for Cisco Jabber usage" to house the
Network Device Enrollment Service.
Our certificate for the CUPS were generated on this Certification Authority too.
I discussed this certificate matter with my colleagues this afternoon and nobody seems to remember how these certificates were deployed into the
Enterprise Trust store for the users.
But I think they asked all 400 users to accept the 3 certificates by answering "yes" to the popup instead of using a script deployed by GPO...
I wish you success with that deployment and really hope you have a technical partner that *Knows* this subject.
Our partner left us alone with that unfortunately.
Florent
EDIT: If the "Certutil script method" works, please let me know. This could be useful in our own deployment. -
Issue with Audit Vault Collector for Peoplesoft-MS Sql Server
Experts,
Requesting your valuable inputs regarding below issue :
Environment:
- Peoplesoft with SQL Server 2008
- Oracle Audit Vault.
Current issue with Audit Vault collector for SQL server is that it is not giving PSFT login ID instead it is giving Peoplesoft DB service Account ID.
Is this expected ?. If yes, what is the workaround ? Can Database Firewall is a best option to capture PSFT login ID ?
ThanksHi Rabi ,
just do one think here ..
During data source creation , in the Additional tab area , in the SQL Engine session , select "Vendor SQL" instead of "Open SQL".
HOw could u create data source without selecting the driver corrsponding to MS SQL.?
it is recommended to download the latest Driver and use this for Driver creation.
let me know ..
Regards
Kishor Gopinathan -
Issue with voice over narration for a presentation
When I record a voice over narration (Keynote 09) and then play back - the slides do not always play back with the sound. It seems to be an issue with slides using a build-up ... although it finishes - it then sticks and the sound for the next slide carries on out of sync to the visual - EG - every time I try it happens on the same slides - A good example is one that is followed by a .mov built into a slide. The sound track runs before the new slide image appears - Also I have problems with the movie - as the sound from the .mov file does not come through, so I have to record the movie sound on the narration rack .. confused!?
It sounds like you are making too many assumptions and not actually testing anything.
For instance, emoji may not cause issues for other contacts (maybe it is and you don't know it) but if I were testing this issue, the first thing I would do is remove the emoji from the contact info.
Next thing I would do is make a fake contact called "Home Other". And see if the Voice Control asks you to pick between Home and Home Other
Another thing I would do is add multiple numbers for your home contact (real or fake) And see if you can get the Voice control to find the contact and ask you what number you want to pick. (home or mobile)
And last thought that I had....You mentioned that the Voice Control dials a random person every time, but how random is it really? Are you sure that part of these people's names don't phonetically sound similar to the word Home? -
Revision: 12982
Revision: 12982
Author: [email protected]
Date: 2009-12-15 20:44:23 -0800 (Tue, 15 Dec 2009)
Log Message:
Fix for issue with exposing accessible names for combobox list items
QE notes: none
Doc notes: none
Bugs: n/a
Reviewer: Gordon
Tests run: checkintests
Is noteworthy for integration: no
Modified Paths:
flex/sdk/trunk/frameworks/projects/spark/src/spark/accessibility/ComboBoxAccImpl.as
flex/sdk/trunk/frameworks/projects/spark/src/spark/accessibility/ListBaseAccImpl.asAdd this to the end of your nav p CSS selector at Line 209 of your HTML file, after 'background-repeat...':
margin-bottom: -2px;
Your nav p will then look like this:
nav p {
font-size: 90%;
font-weight: bold;
color: #FFC;
background-color: #090;
text-align: right;
padding-top: 5px;
padding-right: 20px;
padding-bottom: 5px;
border-bottom-width: 2px;
border-bottom-style: solid;
border-bottom-color: #060;
background-image: url(images/background.png);
background-repeat: repeat-x;
margin-bottom: -2px; -
Hi All, can i have some production support issues with rootcasue and resolution for SAP TM?
Thanks,
SreenivasHi Sreenivas,
I would recommend that you read the Rules of Engagement and other documents in the Getting Started link (top right) before posting anymore. Your Discussion will most likely get reported as non-specific and get removed. If you have a specific problem with TM, please post it in a new thread with error messages, version and SPs installed, and how the error occurs and what you are trying to get TM to do.
There are a lot of resources available in the TM Overview page which can help, so start there and maybe also look at some of the MKS (Monday Knowledge Session) recordings which should also be listed. There are also a lot of experienced people who can help resolve issues your TM installation, but you need to provide enough information on the problems you are having. If you are just looking for information on past problems, do a Search or simply browse through past Discussions which are marked with a green Check (Correct Answer).
Regards, Mike
SAP Customer Experience Group - CEG (and a Moderator) -
Issue with Alerts using BPM : Trigerred for Successful messages also
Hi Everybody,
I am working on configuring Alerts using BPM.
I have followed the below blog by Micheal.
/people/michal.krawczyk2/blog/2005/03/13/alerts-with-variables-from-the-messages-payload-xi--updated
In BPM after the receive step I have used container and control steps to capture the Idoc Number as mentioned in the blog.
I am facing an issue with it now as an Alert message is send to my Inbox even when the message is succesfully processed by the adapter.
This is a strange behaviour when we talk about Alerts.
Can somebody help me out in this?
Thanks & Regards,
ZabiullaHi Zabiulla,
Michal explained just the basic, the logic of your process is to build by yourself. Usually an alert will be raised inside of an exception branch. You can define exceptions for critical operations, f.e. send steps or transformations, the exception will be catched by jumping to the exception branch, where you can store a suitable reaction - f.e. an alert.
Regards,
Udo -
Client remote Authentication using JAAS and EJB Access
Hi,
I have a problem using JAAS in combination with Sun One Appserver 8.1 and a java remote client trying to access an EJB. Here is the scenario:
I have implemented an EJB who's methods are protected through the deployment descriptor:
<assembly-descriptor>
<security-role>
<description>role for clients outside of the server </description>
<role-name>sedna</role-name>
</security-role>
<method-permission>
<role-name>sedna</role-name>
<method>
<ejb-name>ServerInfoBean</ejb-name>
<method-intf>Remote</method-intf>
<method-name>*</method-name>
</method>
</method-permission>
<method-permission>
<unchecked/>
<method>
<ejb-name>ServerInfoBean</ejb-name>
<method-name>getVersion</method-name>
</method>
<method>
<ejb-name>ServerInfoBean</ejb-name>
<method-name>create</method-name>
</method>
</method-permission>
</assembly-descriptor>I've deployed the EJB in a jar file which was packed into an ear file of a bigger application. The role has been mapped to the admin Principal in the sun-ejb-jar.xml descriptor.
I can find the EJB, create it, and call the unchecked method getVersion and that works fine, so far so good.
But then I try to access another method which is protected and then I get this exception
org.omg.CORBA.NO_PERMISSION: vmcid: 0x2000 minor code: 1806 completed: Maybe
at com.sun.enterprise.iiop.POAProtocolMgr.mapException(POAProtocolMgr.java:179)
at com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:853)
at com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(EJBObjectInvocationHandler.java:137)
...I have to mention that I do make a login via the LoginContext. My jaas.config File has a reference to the com.sun.enterprise.security.auth.login.ClientPasswordLoginModule module.
After login (which works perfectly) I lookup the context with a corbaname url which - if I understood it right - ignores the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS settings.
After that I make the calls to the EJB. And I am allways ANONYMOUS on the server side, which is definitely the problem. Because ANONYMOUS is not allowed to call the protected EJB Methods. But I made a jaas login in advance. So where am I making a mistake???
Am I doing something wrong?
Need help! Thx,
StephanHi.
I understand correctly that you call Subject.doAs on
the client to call the remote EJB. I guess It isn't
right way.I had also a bad feeling about this, so I forget it. But anyway it wasn't working with or without using that doAs().
>
>
Subject contextSubject =
Subject.getSubject(AccessController.getContext());
contextSubject.getPrincipals();This code throws exceptions in the Appserver. Unfortunately they are catched somewhere so I'm unable to find out what was going wrong. But I guess, that these exceptions where security exceptions. Never the less thanks for the hint!
But I don't think that doing the check on the server side is the way I want to go because that is programmatically security and I want to use the declarative security which can be used through the deployment descriptor. If used correctly - and supposed I do not completely misunderstand the specification - then it should be possible to create an EJB that is protected via it's deployment descriptor and access it through the client only if the client has been authenticated through JAAS mechanisms. After successful authentication the principal should be accessible through the EJB context but not for security check, that should allready been done at this time.
Unfortunately I don't find any resource on the internet describing the scenario in such a detail that I can reproduce it. There are only very high level documentations and hints in forums.
Again, thanks for your effort,
Stephan -
Using JAAS for third-party webapp
I'm developing a webapp that will be marketed to enterprise customers. Right now, it handles its own authentication by validating the userid/password against its own user table. I'd like to give customers the ability to plug in whatever type of authentication they want, for example, one that authenticates a user against an Active Directory domain.
It seems like JAAS was expressly designed for this purpose, but as I read up on it, I forsee all sorts of problems that could be caused by it. If I'm missing something, I'm hoping someone here can set me straight.
According to the docs, when an app creates a LoginContext and provides it with CallbackHandlers, the LoginContext will check the Configuration to see if any LoginModules are configured for the app (based on the name parameter passed into the LoginContext). If it doesn't find one, it will look for a set of LoginModules for "other".
Here's the behavior I would like: If there is no set of LoginModules configured specifically for my app, I do NOT want the LoginModule(s) for "other" used, since I have no clue what it/they will be. Instead, I would like to my code to be gracefully notified that no LoginModules are configured, so it can default back to its own authentication mechanism. From the looks of the API docs, however, there doesn't seem to be any surefire way to tell why a LoginException has thrown.
I thought I might be able to check programattically to see if there's a LoginModule configured for my webapp with Configuration.getConfiguration().getAppConfigurationEntry(appName), but, 1) it looks like that will probably throw a SecurityException, and 2) it also looks like it would return the AppConfigurationEntries for "other" in the event there's no entry for my app.
It's important that my app not require the appserver administrator to explicitly configure a LoginModule for it, since that could turn into a support nightmare; I simply want to give powerusers the ability to do so if they choose to.
Is it possible to get the behavior I want from JAAS, without a lot of contortions and workarounds? As I said, I may be missing something, but it doesn't seem like I can.This is from the javadocs
public LoginContext(String name)
throws LoginException
Initialize the new LoginContext object with a name.
LoginContext uses the specified name as the index
into the Configuration to determine which
LoginModules should be used. If the provided name
does not match any in the Configuration, then the
LoginContext uses the default Configuration entry,
"other". If there is no Configuration entry for
"other", then a LoginException is thrown.
Throws:
LoginException - if the specified name does not
appear in the Configuration and there is no
Configuration entry for "other", or if the
auth.login.defaultCallbackHandler security property
was set, but the implementation class could not be
loaded.
The or condition here could be ignored because you
wouldnt be using CallbackHandlers or even if you are
using them, you could ensure that the classes are
'loadable'.The problem is, that LoginException is going to be called for anything that goes wrong inside a LoginContext. If there is an "other" LoginModule set, but it doesn't recognize my user's name and password, then it will throw a FailedLoginException. How is my code supposed to know that the user's name/password will never be accepted by that LoginModule?
>
2.
An alternative would be to provide your own
own implementation of the abstract class
javax.security.auth.login.Configuration overriding
the default implementation provided by Sun. Remember, this is a third-party webapp running in an appserver with other webapps from different providers. It has to use whatever Configuration is already there.
This is
the same technique if you wish to provide the login
module information in any other location than a text
file (as is required by the default implementation)
You could then throw specific custom exceptions
ons from your implementation code and choose to
handle it in the manner you desire.Even if I could do that, which I can't, as I explained, I have to keep this SIMPLE for customers who might not be very knowledgeable in the more esoteric aspects of J2EE and Java. -
Font Issue with Report Generation Toolkit for Microsoft Office
I have been using this toolkit for only a few days now, but I just have to get this issue off my back. When developing a toolkit it would be a good idea to use the same cluster to represent fonts in ALL places. If you look at "Excel Set Graph Font" vs. "Excel Easy Table" they take two completely different clusters. Why? I don't know, but it is *very* annoying.
How could something like this slip through the cracks? Is there some reason why there is this discrepancy? From my perspective as a software engineer I see no excuse, but maybe someone else can justify this oversight for me. I just hope that I don't find any more issues with the toolkit...
Naveen.Naveen,
what you said is true when dealing with same kind of objects, but in this circumstance, different cluster defines the font of a differnt object. For example, you may not want the user have as many options with defining the font for the X Y axis title as that for defining the text in the table. This is ture when you want your generated report to have similiar styles.
But this is certainly something we will think about, thanks for your constructive suggestion,
XD Gao
Application Engineer
National Instruments -
Issue with reversal of MIRO for Planned Delivery Cost
Hi Xperts
We have found out an issue while reversing the MIRO document for Planned Del costs. When we have done the MIRO, the accounting entry got correctly posted with correct account keys.Conditions are not inventoried.
However, when we had reversed it - the stock account got hit.Do not understand, why that happened.Do you have any clue?
1. Suppose we have done the MIRO for Del Cost & then performed GR.Now Stock has already consumed & afterwards we have found that the MIRO for Del Cost is wrong & reverse - in this scenario shall the Stock account will get a hit????
2. I have maintained Price Control "V" in Material Master.However, I have maintained a Standard Price by mistake.In that case shall SAP ignores the MAP & takes Standard Price into account & post PRD??
Regards
SoumickHi,
Before checking Planned Delivery costs accounting documents in MIRO posting and MIRO cancellation document, 1st check how Planned Delivery costs designed for your procurement process.
Use t.code:ME23N, check your Purchase order
Option-1:
Is Planned Delivery costs added to inventory account and at the same time Planned Delivery costs posted to Separate Planned Delivery costs G/L account.
OR
Option-2:
Is Planned Delivery costs posted to Planned Delivery costs G/L account ONLY
OR
Option-3:
Is Planned Delivery costs added to inventory account ONLY.
Based the above one setting, system will post goods receipt and invoice posting document with corresponding accounting entries. Also cancellation of invoice posting document refer to these setting.But account posting depends on price control available in material master.
NOTE:
Standard price procedure (price control “S”):The system carries out all stock postings at a price defined in the material master. Variances in price are posted to price difference accounts.
Moving average price (price control “V”): The system valuates goods receipts with the purchase order price and goods issues with the current moving average price.Differences in price between the purchase order price and the invoice are posted directly to the relevant stock account if there is sufficient stock coverage.
Regards,
Biju K -
Issue with Member Formula written for Balance Type
Folks,
I am facing an issue with a member formula written for a balance type dimension,
The code says
IIF( IsUda([Accounts].CurrentMember, "BalanceSheet"),
CASE
*WHEN IS([Time].currentmember,[YearTotal]) THEN MISSING*
WHEN IsLevel([Time].CurrentMember, 0) THEN (BALTYPE.[EndOfPeriod])
WHEN IS([Time].currentmember,[Q1]) THEN (BALTYPE.[EndOfPeriod],Time.[MAR])
WHEN IS([Time].currentmember,[Q2]) THEN (BALTYPE.[EndOfPeriod],Time.[JUN])
WHEN IS([Time].currentmember,[Q3]) THEN (BALTYPE.[EndOfPeriod],Time.[SEP])
WHEN IS([Time].currentmember,[Q4]) THEN (BALTYPE.[EndOfPeriod],Time.[DEC])
END
,MISSING)
Outline Structure for Time dimension looks like below
+Time
--|+YearTotal
------|+Q1
----------|+Jan
----------|+Feb
----------|+Mar
The highlighted Part of the code works good for all the Measures which is With the UDA tag BalanceSheet, Except if the Measure with BalanceSheet UDA is a Parent Member.
Parent Level Measures are populated with Data(populating Dec Data) instead of showing #MISSING.
Any help on this issue will be appreciated.
Thanks
SathishHello Gurus,
I raised an SR with Oracle support and they have replied by saying that, In EPM 11.1.2.4, the IE11 is only supported for interactive reporting and we will have to use IE 10 & 9 for workspace.
Yes. It works fine in IE 10 & 9.
Thanks,
Siva -
Issue with Receiver SOAP adapter for synchronous scenario
Hello All,
We are facing a strange issue with the SOAP adapter in the interface we have setup. This is the 1st time we are using SOAP adapter in our system (PI 7.11 SP7). We are making a synchronous HTTP call to the web service exposed by another system in our landscape. The payload is send with SOAP envelope and there are no credentials to be maintained in PI settings.
The issue is that we are always getting timeout exception in PI audit logs after sending the request (3 minutes - standard timeout value, no additional config for this). But target system has confirmed that they are sending the response back. We tested from our server OS level and have received the response back in the same screen (to verify there is no firewall/port issue in between the systems). But when tried from RWB, it is always giving the timeout exception and we are not able to see any other log.
We have tried checking in the NWA logs as well after increasing the logging level to ALL for com.sap.aii.adapter.soap. But surprisingly, we didn't get any logs at all for the outgoing SOAP call or incoming response and hence we are unable to trace the issue.
We have setup another synchronous inbound SOAP interface (PI exposing the webservice) and it is working fine. We are also able to trace the logs in both audit log and NWA logs.
Is there anywhere else we can check for the logs? Audit logs is showing timeout error and we are not able to see anything in NWA logs.
Does the target system need to maintain PI credentials in the header when they send the synchronous response back?
Are there any specific settings which should be checked to enable the sync communication? (this should not be the case since the inbound interface is working fine)
Please help.
Thanks
JustinHi Amit,
Thanks for the reply.
Yes we had tested successfully via SOAP UI as well (forgot to mention that). We are getting back the expected response in SOAP UI without using any credentials. We got the same response when we tested it through OS commands from PI server.
The WS is hosted by the target system and they haven't maintained any credentials at their end. So when PI is trying to access, we don't need to provide any credentials. My question is, whether the target system should keep any credentials to send the synchronous response back to PI (java stack). We have tried that as well but since there aren't any logs, we are unable to verify whether the credentials are coming correctly.
The service interfaces are correct and PI configuration are OK. I will try the XPI inspector for logs as you have suggested.
Thanks
Justin -
Display issue with LiveCycle Designer ES4 for cropped PDF in WIN7
Hi,
I am having issue displaying the cropped PDF file in the LiveCycle Designer ES4. The PDF files are cropped 3 inches from bottom using Adobe Acrobat 8 Professional. It used to display properly when we have a WinXP machine but once we moved to a Win7 machine, it cannot display the top part of the PDF anymore. Can anyone help on how to fix the display issue? Thanks.
Kenny
Environment:
Adobe LiveCycle Designer ES4 V11.0.0.2013.0303.1.892433
Adobe Acrobat 8.0.0
Screenshots
Win 7, LiveCycle Designer does not display properly
Win XP, LiveCycle Designer used to display properlyThanks vNohria.
I am having same issue with Adobe Acrobat 9. The Acrobat 9 cropped file is displaying properly under WinXP but have the same issue as above in Win7. This issue seems uncommon as I tried to look for similar issue and couldn't find any.
P.S. It's only the Design View in Win7 that has the issue, I can still see the file fine with Preview PDF in both enviornment.
Design View:
Preview PDF:
Maybe you are looking for
-
The button used to work until I upgraded, now it doesn't. The button still works for other documents and if I use Internet Explorer Browser. I have windows vista. Any suggestions?
-
Dbtier adcfgclone error in 11.5.10.2
Hi , DB-10.1.0.5 apps-11.5.10.2 os-HP UNIX I we started db and listener manully.and i ran adcfgclone.pl dbteckstack.I am getting below error.please help me. Log file located at /testcrm/app/product/10.1.0/db_1/appsutil/clone/bin/CloneContext_05060158
-
Firefox opens certain websites but not others, same with google chrome and IE
Basically a day after installing sc2 my firefox started running really, really slowly and stopped opening sites that ive always opened perfectly fine before. I can open; http://eu.battle.net + US website http://forums.wow-europe.com/?sid=1 + US websi
-
Will Toneport ux1 work with Garageband
I realize this may be a Line 6 support question, but here it goes... I have the ux1 and i've downloaded all the software from the line 6 website but it doesn't recognize the interface as authorized. My goal was to use the interface for garageband. Wi
-
External Monitoring - Mac Mini to YPbPr
I'm trying to connect my Imac to a 20" LCD Monitor. I have the Mac Mini Display to VGA to YPbPr adaptor. But the Imac doesn't see the device. Help Please