Java Plugin With Client Cert Auth and Keepalive

Hi,
I have a Java Applet that connects to a site requiring client side certificates. The site is running Apache 2.0.54 with a keepalive timeout of 15 minutes. As a result the applet prompts the user for a client side certificate on its initial connection and does not prompt again unless the user has been idle for more than 15 minutes. My problem is that when we try this through our Squid proxy, the Applet prompts the user on virtually every request, making for a very annoying user experience.
We have played with both Squid 2.4 and 3.0 and tweaked several promising-sounding parameters with no success. Is there something I am missing? I can mail any logs or config files as needed. One clue is that it does seem to work for requests spaced at about 2 seconds or so apart, but not more.
Thanks for any insights as to what might be happening here.
Best,
Seth

Issue resolved by creating a role with the relevant UME Action permissions. Not entirely sure if this is the best way forward, but it seems to work.
If anyone has other suggestions, or better ways of doing this, please let me know.
Thanks

Similar Messages

  • Client-cert auth impl in web.xml does not work in Oracle Application Server

    Hi,
    I am new to implementing security features on the web applications. I have developed a new web service using jdev1012 and deployed in OAS 10.1.2. It's working fine according to the business requirements, but I am in need of implementing client-cert authentication to enable the web service available to only those who have client certificate.
    My server details are:
    Oracle Application Server 10g Release 2 (10.1.2)
    Server certificate is in place and SSL mode has already been enabled. I am able to access my web service through https://<mydomain.com>/myws/TreqWS as well as to see the WSDL file through https://<mydomain.com>/myws/TreqWS?WSDL.
    I tried to include the following in my web.xml file as part of implementing CLIENT-CERT authentication.
    <security-constraint>
    <display-name>SecurityConstraint</display-name>
    <web-resource-collection>
    <web-resource-name>WSCollection</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>WSCollection</realm-name> <!-- am not sure about this realm-name and its purpose -->
    </login-config>
    It is not working as expected, though I have restarted my oc4j container after including this content in the web.xml file, i.e., I am able to invoke the web service through my sample Java client program, though I do not have a client certificate/keystore.
    I believe I am missing something. Can anyone help me in this regard to implement CLIENT-CERT authentication successfully?
    Thanks,
    Ms

    I am having the same problem with doc and xsl. I have added this
    <mime-mapping>
    <extension>xls</extension>
    <mime-type>application/vnd.ms-excel</mime-type>
    </mime-mapping>
    <mime-mapping>
    <extension>doc</extension>
    <mime-type>application/msword</mime-type>
    </mime-mapping>
    to my web.xml. I even restarted the server. I still see doc and xsl in binary.
    Is there some other setting that needs to take place?
    I am using WL6.1 with fixpack 1.
    I can see the doc and excel files in the browser if I don't go through the weblogic
    server. That just confirms it's not my browser.
    Kumar Allamraju <[email protected]> wrote:
    It works fine for me in 6.1 SP1.

    If the following doesn't work, can you
    try application/winword instead of application/msword?
    --
    Kumar

    Siming Mu wrote:
    > Hi,
    > I setup in my web.xml a mime mapping as follows,
    > <mime-mapping>
    > <extension>doc</extension><mime-type>application/msword</mime-type>
    > </mime-mapping>
    > When I specify a test.doc url, the doc file appears in my browser as binary data
    > instead of download.
    > Please reference change request 055002, which describes this problem. According
    > to edocs, it has been fixed in wls6.1sp1.
    > But I am seeing it fixed. Am I doing anything wrong? Thanks.
    > Siming

  • Weblogic 10.0 web application with CLIENT-CERT suddenly redirect with 401

    Hi everybody,
    we currently have a Weblogic Portal 10.2 web application with an integrated Windows authentication.
    I configured a Negotiate Identity Asserter and an Active Directory provider.
    I configured Kerberos services, so we successfully have access to our application through the Windows session.
    But most of the time we have 401 errors on any page when navigating. In fact, the error occurs when clicking on a link when a page is not fully loaded.
    For our tests, we use the security webapp provided by BEA/Oracle, and it just works.
    The web.xml used in our webapp :
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>sso</web-resource-name>
    <description>Desc</description>
    <url-pattern>/appmanager/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
    <description>desc</description>
    <role-name>ssoRole</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name/>
    </login-config>
    <security-role>
    <description>Authenticated user</description>
    <role-name>ssoRole</role-name>
    </security-role>

    which version of web server r u using here ? 6.1 or 7.0 ? if it is 6.1 then there is no easy <If> syntax. if u r using 7.0, then u need to be aware that the processing of 'ppath' is slightly different in 7.0
    in any case, this would be the syntax
    <Object name="weblogic" ppath="/hw/">
    Service fn="wl_proxy" WebLogicHost="------------------" WebLogicPort="------"
    # gateway timeout - back end web logic not responding handle differently
    <If code='504'>
    # send it to a different post..
    Service fn="wl_proxy" WebLogicHost="------------------" WebLogicPort="------"
    </If>
    </Object>
    - sriram

  • Implementing client-cert auth in web.xml in Oracle Application Server

    Hi,
    I am new to implementing security features on the web applications. I have developed a new web service using jdev1012 and deployed in OAS 10.1.2. It's working fine according to the business requirements, but I am in need of implementing client-cert authentication to enable the web service available to only those who have client certificate.
    My server details are:
    Oracle Application Server 10g Release 2 (10.1.2)
    Server certificate is in place and SSL mode has already been enabled. I am able to access my web service through https://<mydomain.com>/myws/TreqWS as well as to see the WSDL file through https://<mydomain.com>/myws/TreqWS?WSDL.
    I tried to include the following in my web.xml file as part of implementing CLIENT-CERT authentication.
    <security-constraint>
    <display-name>SecurityConstraint</display-name>
    <web-resource-collection>
    <web-resource-name>WSCollection</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>WSCollection</realm-name> <!-- am not sure about this realm-name and its purpose -->
    </login-config>
    It is not working as expected, though I have restarted my oc4j container after including this content in the web.xml file, i.e., I am able to invoke the web service through my sample Java client program, though I do not have a client certificate/keystore.
    I believe I am missing something. Can anyone help me in this regard to implement CLIENT-CERT authentication successfully?
    Thanks,
    Ms

    Hello,
    You have different level of integration of SSO services in OC4J 10g (10.1.3).
    If you are using an LDAP server you can integrate that using the LDAP security provider and support SSO between applications. This is documented as part of the Identity Management Integration.
    Also in 10.1.3.0.0 you need to have at least an LDAP server (or bigger identity management solution) to do SSO.
    In 10.1.3.1.0, that should be available this summer, OC4J will have a new security service that will allow applications to be authenticated in a single sign-on fashion. (Stay tuned to the OTN forum, we will publish a beta version very soon.)
    Regards
    Tugdual Grall

  • I am using Mandriva Linux now and I have installed Firefox 6 but I could not install Java plugin with it. Can anyone please help me how to install it?

    I am using Mandriva Linux now.
    But I am using Firefox 3.6.8, but I cannot install java plugin in it.
    Can anyone please help me how to install it?

    The plugins folder in the Firefox installation folder doesn't exist by default. There is no default plugin in Firefox 4, so that folder would be empty and is thus not included. If you want to use that location then you need to create a plugins folder.
    Did you try /usr/lib/mozilla/plugins ?

  • Is strong 2FA with client cert and AD using AnyConnect possible?

    Is it possible to configure AnyConnect to require a client cert that matches the AD username?  Which attribute should be used?  Common name (CN) or something else?  Can anyone point me to the appropriate documentation on setting up this configuration?
    Thanks in advance!

    Jaime, 
    If you want binary comparison of the certificate, I believe it's only possible with EAP methods.
    That being said, you can extract multiple things from the certificate to be used as authentication username.
    Have a look at this doc 
    http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116111-11611-config-double-authen-00.html
    It shows a couple of different ways to do this on ASA.
    On IOS, I'd suggest looking at FlexVPN feature. 
    M.

  • Firefox will not recognize java plugin that has been installed and worked 1 day ago.

    I have an IMac with OSX 10.5.8, Firefox 5.0, One day ago it worked fine, today when going to a specific site that requires Java, Firefox will not recognize that Java is installed. I checked for updates and there are none. Java is installed and the site works fine with Safari, which requires Java as well. How can i get Firefox to recognize Java installation.

    Apple has removed support for the Java Plugin2 with the latest Java Update 10 for OS X 10.5 Java version, so the Java plugin is no longer available for Firefox versions and other browsers like Google Chrome that require the Java Plugin2.
    The Java Plugin2 plugin is still there, but the softlink to it has been removed with this update, so Firefox doesn't find the plugin.
    There will be a fix for this in the next release (Firefox 5.0.1 or 6), so that Firefox will find the plugin again.
    I don't know if all Java applets will still be working on OS X 10.5 with that JP2 plugin (Apple recommends updating to OS X 10.6 for OS X 10.5 users with an Intel Mac).

  • WLC2112 with Guest / Web-Auth and vlan

    Hi
    I'm trying to configure my WLC with guest SSID and vlan 10.
    The security is only set to Web-auth, and it is all working if the guest network is set to native vlan (1). But it seems that the http(s)://1.1.1.1/login.html is not reachable from the guest SSID/VLAN??
    Please help.
    Management IP Address 192.168.14.252
    Software Version 6.0.182.0
    Emergency Image Version
    I have tried with ver. 5.2 also -

    I think that 1.1.1.1 is only reachable from a wireless client during webauth. They should not be able to reach that address once they have passed through the web auth page.
    Don't know if that helps, or not.

  • Memory Leak Java Plugin with Swing Applet

    Hi
    I experience the following problem and desperately need help on this. The Java Plugin (I use Version 1.3.1_02) seems to have a problem in printing Swing Applets.
    The problem can easily be reproduced (at least with NT):
    1) Start Internet Explorer or Netscape (I used 5.5/4.07)
    2) Launch the following demo swing applet
    http://java.sun.com/products/plugin/1.3.1_01a/demos/jfc/SwingSet2/SwingSet2Plugin.html
    3) Print the applet and observe (using task manager) the memory used by the browser process (the memory used by the process will increase every time you hit the print button but never decrease unless you shut down the browser)
    4) Print a couple of times (you may want to pause your print queue) and you will be able to crash your computer
    This seems to be the same bug reported with 4638742. However it says "in progress" for quite some time and I was wondering if some genius might know a workaround for this.
    Cheers

    You might want to read an article about memory leaks in Java:
    http://www-106.ibm.com/developerworks/library/j-leaks/

  • Auto detect missing java plugin with Netscape

    How do I get Netscape to automatically detect that it is missing the Java Plugin, and go to Sun's download page? I have IE 5.5 and Netscape 7 installed.
    My html looks like this:
    <OBJECT
    classid = "clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
    codebase = "http://java.sun.com/products/plugin/1.4/jinstall-1_4-windows-i586.cab#Version=1,4,1,0"
    WIDTH = "100%" HEIGHT = "500" >
    <PARAM NAME = CODE VALUE = "nz.astarte.planwise.gantt.GanttApplet" >
    <PARAM NAME = CODEBASE VALUE = "." >
    <PARAM NAME = ARCHIVE VALUE = "pwgantt.jar" >
    <PARAM NAME = "type" VALUE = "application/x-java-applet;version=1.4">
    <PARAM NAME = "scriptable" VALUE = "false">
    <PARAM NAME = "projectId" VALUE="<%=theForm.getProjectId().toString()%>" >
    <PARAM NAME = "userId" VALUE="<%=userId%>" >
    <PARAM NAME = "logLevel" VALUE="INFO" >
    <COMMENT>
    <EMBED
    type = "application/x-java-applet;version=1.4"
    CODE = "nz.astarte.planwise.gantt.GanttApplet"
    JAVA_CODEBASE = "."
    ARCHIVE = "pwgantt.jar"
    WIDTH = "100%"
    HEIGHT = "500"
    projectId ="<%=theForm.getProjectId().toString()%>"
    userId ="<%=userId%>"
    logLevel ="INFO"
    scriptable = false
    pluginspage = "http://java.sun.com/getjava ">
    <NOEMBED>
    Could not find a plugin supported by your browser. Please download Sun's Java Plugin 1.4.1
    </NOEMBED>
    </EMBED>
    </COMMENT>
    </OBJECT>
    IE will autodetect and begin the download process. I know Netscape doesn't auto download, but it should at least detect it needs the plugin and go to the http://java.sun.com/getjava page so the user can do a manual download. However all I get is a big black blob where my applet should be.
    Thanks in advance,
    Andrew

    I have modified your EMBED tag a little bit. I think it should work:
    <EMBED
    type="application/x-java-applet;jpi-version=1.4.1"
    CODE="nz.astarte.planwise.gantt.GanttApplet"
    CODEBASE="."
    ARCHIVE="pwgantt.jar"
    WIDTH="100%"
    HEIGHT="500"
    projectId="<%=theForm.getProjectId().toString()%>"
    userId="<%=userId%>"
    logLevel="INFO"
    scriptable=false
    pluginspage="http://java.sun.com/j2se/1.4.1/download.html">
    <NOEMBED>
    Could not find a plugin supported by your browser. Please download Sun's Java Plugin 1.4.1
    </noembed>
    </embed>
    Hope it helps!
    A.A.

  • SCCM 2007 query for workstations with client status 1 and o

    Hi everybody,
    I would like to write a sql query which gives me workstations with status 1 if the client is installed and active and 0 if the client is not active. Any help please?
    Thank you.
    Regards,
    Lebalbo

    Here you go.
    Select * from v_r_system R
    where R.client0 =1 and R.active0=0
    Garth Jones | My blogs: Enhansoft and Old Blog site | Twitter: @GarthMJ

  • Getting java plugin with j2eesdk

    I download and install Java 2 Platform, Enterprise Edition 1.4 SDK Update 1 and I don't get Java plugin in IE. If I install j2sdk-1_4_2_04-windows-i586-p.exe I can install Java runtime public and get Java plugin.
    Why it is so?

    > I download and install Java 2 Platform, Enterprise
    > Edition 1.4 SDK Update 1 and I don't get Java plugin
    > in IE. If I install j2sdk-1_4_2_04-windows-i586-p.exe
    > i can install Java runtime public and get Java plugin.
    > Why it is so?
    Because J2EE != (J2SE + more stuff). It's a different thingy.

  • PC with client cert -- IIS-- WLS using proxy plugin

    I have the following configuration
    PC ----> IIS Web Server ----> WLS
    The PC has a Windows COM application that will use HTTPS to communicate with a
    servlet + ejbs on WLS. The PC has a digital certificate, the PC authenticates
    IIS and the IIS authenticates the PC via SSL.
    We want to use the BEA IIS plugin to proxy the PC requests to the Servlets/EJBs
    on WLS. We also want the public digital certificate on the PC to be sent from
    IIS to WLS as we need to extract information from it on WLS.
    Solution ID S-08166 says this can be done for Apache. Can it be done for IIS and
    if so how?
    Thanks
    Colman

    I would like the same behaviour but with NSAPI plugin
    any configuration guidelines
    The ppath is the same but one is http and the other https
    "Varun" <[email protected]> wrote in message
    news:3da32e55$[email protected]..
    >
    We are trying to secure certain pages in our web application. Our setup has an
    IIS server with the WebLogic ISAPI plugin configured for path forwarding. However,
    it seems that we can configure the plugin either to secure all traffic to the
    Weblogic server or none of it (SecureProxy=ON/OFF).
    What we would like to do is to setup the plug-in so that all incoming http traffic
    is forwarded to Weblogic server over http and all https traffic is forwarded to
    the same weblogic server over https. Is there any way to do this?
    Any help is very appreciated.

  • Web service proxy client with client cert cause SSLSessionNotFoundErr

    Hi,
    I tried to run web service proxy client with certification from JDeveloper 10.1.3.0.4 to call PKI enabled web service and got the following error:
    WARNING: Unable to connect to URL: due to java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: SSLSessionNotFoundErr
    Web service deployed on OAS

    Hi,
    I am trying to invoke from JDeveloper (10.1.3) a CRM On Demand's Web Service and I have the same problem:
    ADVERTENCIA: Unable to connect to URL: https://secure-ausomxgfa.crmondemand.com/Services/Integration due to java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: SSLSessionNotFoundErr
    java.rmi.RemoteException: ; nested exception is:
         HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: SSLSessionNotFoundErr
         at testerlast.runtime.Contact_Stub.contactInsert(Contact_Stub.java:96)
         at testerlast.ContactClient.contactInsert(ContactClient.java:88)
         at testerlast.ContactClient.main(ContactClient.java:69)
    Caused by: HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: SSLSessionNotFoundErr
         at oracle.j2ee.ws.common.util.exception.JAXRPCExceptionBase.<init>(JAXRPCExceptionBase.java:93)
         at oracle.j2ee.ws.common.util.exception.JAXRPCExceptionBase.<init>(JAXRPCExceptionBase.java:89)
         at oracle.j2ee.ws.client.ClientTransportException.<init>(ClientTransportException.java:33)
         at oracle.j2ee.ws.client.http.HttpClientTransport.invokeImpl(HttpClientTransport.java:144)
         at oracle.j2ee.ws.client.http.HttpClientTransport.invoke(HttpClientTransport.java:121)
         at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:169)
         at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:111)
         at testerlast.runtime.Contact_Stub.contactInsert(Contact_Stub.java:80)
         ... 2 more
    To do the invocation I have done a proxy to consume this Web Service, with the follow main:
    public static void main(String[] args) {
        try {
            testerlast.ContactClient myPort = new testerlast.ContactClient();
            System.out.println("calling " + myPort.getEndpoint());
            myPort.setUsername(nameUser);
            myPort.setPassword(password);
            ListOfContactData llista = new ListOfContactData();
            ContactData[] contacts = new ContactData[2];
            ContactInsert_Input input = new ContactInsert_Input();
            // Login WS HTTPS
            String idSesion = connexioWS_CRM.logon(URL, nameUser, password);
            // Add contact
            for (int i = 0; i < contacts.length; i++) {
                // New object per entry so the array elements do not alias each other
                ContactData contact = new ContactData();
                contact.setId("ProvaWSCRM" + i);
                contact.setContactFirstName("JDeveloper" + i);
                contact.setContactLastName("prove" + i);
                contact.setCellularPhone("77777777" + i);
                contact.setDescription("Add contact with Id:" + contact.getId());
                contacts[i] = contact;
                System.out.println("Id:" + contacts[i].getId() + " firstName:" + contacts[i].getContactFirstName() + " lastName:" + contacts[i].getContactLastName());
            }
            llista.setContact(contacts);
            input.setListOfContact(llista);
            input.setEcho("off");
            System.out.println("Pwd:" + myPort.getPassword() + " Port:" + myPort._port + " endpoint:" + myPort.getEndpoint() + " user:" + myPort.getUsername());
            myPort.contactInsert(llista, "LIC", "Broadset", "OFF");
            // Logout from WS (HTTPS)
            connexioWS_CRM.logoff(URL, idSesion);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
    What's wrong? Any idea?
    Thank you
    Edited by: user12085357 on 31-oct-2009 10:39

  • Java Plugin with Netscape6

    After downloading and installing Netscape6, I tried to access a page with an applet. I downloaded the Plugin as directed. I Shut Down the PC, rebooted it, and still Netscape cannot find the Plugin. I have fought this for about a month in different ways. Can anyone tell me what I need to do?
    Thanks very much,
    Betty

    thanks for the tip it worked but I made a copy of the file named NPOJI600.dll from C:\Program Files\JavaSoft\JRE\1.3\bin and move it to C:\Program Files\Netscape\Netscape 6\Netscape 6\plugins it works now
    I also had a problem with the adobe plug-in to fix that make a copy of NPPDF32.dll in C:\adobe\acrobat 5.0\reader\browser and paste it to C:\Program Files\Netscape\Netscape 6\Netscape 6\plugins
    thanks again
    Chenz
