Kerberos Ticket via Java to BW to access BW Querys with HTTP POST

Similar Messages

• Exchange 2013 CU5 - Outlook Web Access - Error 9646 with HTTP - No error with HTTPS

  Hello everyone
  i have a strange issue which i actually do not have an idea about what is going wrong.
  - Exchange 2013 CU5
  - SSL Offloading enabled - Virtual directories configured accordingly
  When a user logs in to OWA via HTTP - after a while he sees the inbox but does not see any mail details.
  He only sees "Error: Your request can't be completed right now. Please try again later."
  After a while i also get an eventlog "9646" with too many open OWA sessions for that user.
  Regardless which limit i set in the registry for this - the error does come back - even with 512 sessions allowed.
  Working with HTTPS instead of HTTP then EVERYTHING works fine ... ?
  Any idea on this?
  Actually i am totally lost ...
  Best regards
  Jörg
  Ihr zertifizierter VMware Partner Enterprise Solution Provider, IBM Advanced Partner, Datacore Partner, Microsoft Silver Partner / Solution Provider und Microsoft Small Business Partner. HEGO Informationstechnologie GmbH Telegrafenstrasse 8 D 42929 Wermelskirchen
  Geschäftsführer: Jörg Hermanns, Ralf Gogolin Amtsgericht Köln HRB 36509 Fon: +49 (0) 21 96 / 8 82 97 - 0 Fax: +49 (0) 21 96 / 8 82 97 - 23 Web: www.hego-it.com

  Hi,
  Please confirm if the following features are added in your server manager:
  •.NET framework 4.5 -> WCF Services -> HTTP Activation
  •Windows process activation service -> Process model
  •Windows process activation service -> Configuration APIs
  If not, please add these features. Then ran IISReset \noforce from a Command Prompt window to restart IIS service. Also recycle Application Pools in IIS manager.
  For more information about the IIS Prerequisites for Exchange 2013, please check the windows feature listed in the following article:
  http://technet.microsoft.com/en-us/library/bb691354(v=exchg.150).aspx
  Regards,
  Winnie Liang
  TechNet Community Support

• How to create a logon ticket via Java?

  Hi all,
  I need to create a SAP logon ticket programmatically. Do you have some useful documntations or links?
  Thanks.
  Vito

  try this, may be it will help you.
  Example1.java - call the rfc module 'STFC_CONNECTION' with custom definition
  of function metadata. Please notice, the communication with static
  metadata interface definitions is dangerous. The inconsistencies in the
  interface definitions may cause corrupted data, errors while communication or
  even application crashes. In Example2 you can see, how to avoid these problems.
  Property of SAP AG, Walldorf
  (c) Copyright SAP AG, Walldorf, 2000-2003.
  All rights reserved.
  import com.sap.mw.jco.*;
  Example1 - start a simple call with static metadata definition
  @version 1.0
  @author  SAP AG, Walldorf
  public class Example1 {
    public static void main(String[] argv)
      JCO.Client client = null;
      try {
        // Print the version of the underlying JCO library
        System.out.println("\n\nVersion of the JCO-library:\n" +
  \n" + JCO.getMiddlewareVersion());
        // Create a client connection to a dedicated R/3 system
        client = JCO.createClient( "clientnum",       // SAP client
                                       "JOHN",   // userid
                                       "SMITH",     // password
                                       "EN",        // language
                                       "111.111.11.51", // host name
                                       "00" );      // system number
        // Open the connection
        client.connect();
        // Get the attributes of the connection and print them
        JCO.Attributes attributes = client.getAttributes();
        System.out.println("Connection attributes:\n" +
  \n" + attributes);
        boolean is_backend_unicode = attributes.getPartnerCodepage().equals("4102") ||
                                     attributes.getPartnerCodepage().equals("4103");
        // Create metadata definition of the input parameter list
        JCO.MetaData input_md = new JCO.MetaData("INPUT");
        input_md.addInfo("REQUTEXT", JCO.TYPE_CHAR, 255, 255 * (is_backend_unicode? 2 : 1 ),
                          -1, 0, null, null, 0, null, null);
        // Create the input parameter list from the metadata object
        JCO.ParameterList input = JCO.createParameterList(input_md);
        // Set the first (and only) input parameter
        input.setValue("This is my first JCo example.", "REQUTEXT");
        // Create metadata definition of the output parameter list
        JCO.MetaData output_md = new JCO.MetaData("OUTPUT");
        // Specify the parameters types of the function will be returned
        output_md.addInfo("ECHOTEXT", JCO.TYPE_CHAR, 255, 255 * (is_backend_unicode? 2 : 1 ),
                           -1, 0, null, null, 0, null, null);
        output_md.addInfo("RESPTEXT", JCO.TYPE_CHAR, 255, 255 * (is_backend_unicode? 2 : 1 ),
                           -1, 0, null, null, 0, null, null);
        // Create the output parameter list from the metadata object
        JCO.ParameterList output = JCO.createParameterList(output_md);
        // Call the function
        client.execute("STFC_CONNECTION", input, output);
        // Print the result
        System.out.println("The function 'STFC_CONNECTION' returned the following parameters:\n" +
        for (int i = 0; i < output.getFieldCount(); i++) {
            System.out.println("Name: " +  output.getName(i) + " Value: " + output.getString(i));
        }//for
        // All done
        System.out.println("\n\nCongratulations! It worked.");
      catch (Exception ex) {
        System.out.println("Caught an exception: \n" + ex);
      finally {
          // do not forget to close the client connection
          if (client != null) client.disconnect();

• Java Reflection: Trying to access a constrcutor with an array argument.

  Having some reflection problem... upon reflection maybe I shouldn't use reflection... :-)
  The classes I use to test this are defined as follows:
  class MyTestClass{
    public long[] _array;
    public MyTestClass(long[] array)
      _array = array;
  class MyTestClass2{
    public int[] _array;
    public MyTestClass2(int[] array)
      _array = array;
  class MyTestClass3{
    public String[] _array;
    public MyTestClass3(String[] array)
      _array = array;
  class MyTestClass4{
    public Long[] _array;
    public MyTestClass(Long[] array)
      _array = array;
  }and this is how I try to access it:
    // Only classes that have a constrcutor with a single
    // param which is an array can be used with this method.
    // The class also has to define a public field called "_array"
    // which is of the ssame type as the parameter of the
    // constructor
    public Object getNewInstanceOf(String className)
      // getValues uses reflection to instanciate an array of objects of
      // certain types which are not known to start with, i.e getValues
      // can return Long[] or Integer[] or String[]
      Object[] values = getValues();
      Class myClass = Class.forName(className);
      myClass..getField("_array");
      Class paraClass = field.getType();
       Constructor constructor = myClass
                  .getConstructor(new Class[]{paraClass});
      // the problem occurs here, I think I would have to cast "values" to the
      // proper array type, but don't know how to do this using reflection.
      Object  myInstance = constructor.newInstance(new Object[]{values});
     return myInstance;
    private Object[] getValues()
      // use reflection to create the array
    }and this is the error I get
  java.lang.IllegalArgumentException: argument type mismatch

  we can be much helpfull if we do not know which line excatly throws exception
  normaly stack trace shows the line number so can you re-post your code highlitine the line which throws given exception

• Access local disk via Java Web Start??

  HI all ,
  I had saw the JWS document.
  It indicate we can't access local disk via JWS in that Security.
  If I need to access local disk by command, does anyone have better suggestion.
  And can I run *.bat via Java Web Start?
  Thanks very much for your help.
  Morris

  I do the both thing but still don't access to Local disk.
  I just write a simple test class within extend another that create a file (and of course sign it)but still can't create a file Local disk. this MAKE ME MAD and LOOSE MY JOB .
  here is my JNLP file:
  <?xml version="1.0" encoding="utf-8"?>
  <!-- JNLP File for Pensionsrechner -->
  <jnlp
  spec="1.0+"
  codebase="file:///d:/"
  href="test.jnlp">
  <information>
  <title>Me</title>
  <vendor>myself</vendor>
  <homepage href="http://www.me.com"/>
  <description> test test test</description>
  <description kind="short">Test creatin of log file on client </description>
  </information>
  <offline-allowed/>
  <security>
  <all-permissions/>
  </security>
  <resources>
  <j2se version="1.4"/>
  <jar href="test2.jar"/>
  </resources>
  <application-desc main-class="secMan.Test"/>
  </jnlp>

• How to access calendar rules via java

  Hi to all,
  We have a process in which we need to set a Timer, but the date must be validated against Calendar Rules. We searched in forums, webs, documentation and we couldn't find a way to do this.
  I know it is possible to set an expiration date based on Business Calendar on a Human Task (deadline tab in Human task editor), but this is not what we need.
  We actually need a way to set a variable date in the process that can handle only business days. e.g.: 'now' + 2 business days.
  Right now we are setting the Timers with this expression from a Business Rule: Duration.from string("PT48H")
  Then I associate the business rule output with a Time type variable(deadlineTime) doing: 'now' + deadlineTime
  So right after that I can use the Time variable on a timer attached to the human tasks I need. * We need to use business rules because the customer may want to change the times accordingly to their needs through BPM Composer. *
  The problem is that this solution does not take into account Saturday and Sundays (holidays are a concern too).
  We need to set the expiration time to timers attached to human tasks, but the time should consider working days only. We consulted with experts from Oracle and told us that functionality is available in the PS 6 version. At the moment it is impossible to migrate to that version. I need to know how to access via Java APIs to the calendar rules for checking programmatically.
  JDeveloper version: 11.1.1.6
  Any suggestion?
  Thanks in advance
  Marcelo

  Hi Yarner,
  Once you have all your dll included in a jar and used the nativelib tag, you have to use, at the beginning of you application, the command System.loadLibrary to load all the dll you need. Including the ones called by the others you have direct access.
  The dll�s have to be explicitly loaded in the order they are called.
  For example: you use lib1.dll and lib2.dll. The lib1.dll needs lib0.dll.
  Even if you don't use lib0.dll directly, once its called by lib1.dll you have to put then in the order.
  System.loadLibrary("lib0.dll");
  System.loadLibrary("lib1.dll");
  System.loadLibrary("lib2.dll");
  I hope it may help you, good luck.
  Mario

• Access System Resources using Java Applet via Java Script

  Hello
  I can access my Applet public methods (and this methods access system resources) via Java Script if I do the following: System.setSecurityManager(null);However, I'm making this post because I don't like this solution.
  Supposedly, setting the SM to null is like making the Applet (which is signed and was accepted by the user via a prompt from the browser) behave like a normal Java program that has no restrictions. (http://java.sun.com/docs/books/tutorial/essential/environment/security.html, second paragraph)
  However, this feels like a workaround of something that is supposed to be there (the SM).
  Also, if I make the methods invocation from inside the applet (using swing buttons and textboxes for example) I can use the standard SM without no problems.
  From my readings, the problem regarding Java Script invocation, comes from the fact that the Java Script is not a secure (not signed) source (because you can invoke public methods the way you wish from it i guess) on the contrary to the applet methods invoked by the buttons.
  Possible solutions I found in the web range from using the public static Object doPrivileged(PrivilegedAction action) method or imaginative things like creating new threads on the public method that call the private methods that access the system resources (supposedly because the new thread runs under the safe environment of the applet)
  I almost got a glimpse of hope with this post http://forums.sun.com/thread.jspa?threadID=5325271&tstart=0
  However, none of these solutions worked, the only results were with the setResourceManager(null)So, any one can contribute with a solution for this? Should I keep trying to find a solution other then the one I already have?
  Regards
  Cad

  1. yes
  2. yes
  Note for 2. the converter will run the applet with SUN jre for sure if the user has IE.
  IE will use the ActiveX technology to run the applet (as with Macromedia Flash).
  For Netscape I am not sure, but I would think Netsape will use the plug in provided by
  SUN.
  Note for SUN jre 1.3. If this applet is to be used within a company that uses a proxy with
  ntlm authentication the 1.3 applet cannot connect (to the Internet) through this proxy since
  ntlm athentication is supported since j2re1.4.2_03. There is one version before that but
  that one will pop up a window asking for the user's domain account and password wich
  is both lame and crappy.
  As for the IE settings, IE has a default setting that askes users the "do you trust"
  queston for AciveX controls within the Internet securety zone (tools -> internet options
  -> security).
  Sincy anybody can make ActiveX controls (allso sign them) a user that has a problem
  to find the "no" button will sooner or later install a malicuous ActiveX control (spy ware
  or a virus).
  If this user's desktop is within your company's network it will cause serious harm.
  This is why most company's disable this by changing the default internet expolorer
  settings. Since I assume you are writhing this applet to be used by a company I allso
  assumed that company has someone to maintain the desktops. In that case I
  assume that person would want to control the security within the SUN jre instead of
  letting the user deside what to trust and what not.

• Are there any API's exposed for SCVMM 2012 which can be accessed via Java?

  I want to monitor the states of VM created using Hyper-V/SCVMM using the Java code.
  I have read that for Hyper-V i need to use J-Interop to acess the API of Hyper-V.
  Does SCVMM also provides API to get the basic information of VM ? If yes then is there any documentation to access it via Java.
  Thank you in advance.

  THE SCVMM API is PowerShell.
  Unless you want to also install Service Provider Foundation (SPF) in front for a web service.
  Brian Ehlert
  http://ITProctology.blogspot.com
  Learn. Apply. Repeat.
  Disclaimer: Attempting change is of your own free will.

• Kerberos authentication via Apache ...

  Hi all !
  we use SAP NW Portal 7.0; we can access the portal from internet via Apache as reverse proxy;
  our internal and external users access the portal via the Apache reverse proxy;
  now we want to use kerberos to authenticate against J2EE of Portal;
  Kerberos is working when ich access the Portal directly via http://<fqdn>:<port>/irj;
  but when we want to access the portal via Apache reverse proxy e.g. http://portal.test.com authentication via Kerberos don't work; Apache doesn't pass the kerberos ticket;
  is there any solution ?
  the Apache reverse proxy should be the 'single point of contact' for portal access;
  Thanks
  Oliver

  to use the portal, all users ( internal or external ) have to use the URL to our apache reverse proxy; the URL is the same for internal or external users
  ==> http://portal.test.com;
  for the internal users, it would be nice if the apache reverse proxy could pass the kerberos ticket to the portal server so that the login page doesn't appear;
  how to ?
  Thanks
  Oliver

• Addressless Kerberos Tickets

  Where on my directory master would I edit the file to have IP-less tickets issued for providing external kerberos authentication?
  From the OReilly Kerberos Book...
  For MIT and Heimdal clients, use the -A option to kinit to request addressless tickets. Another, more general, solution if you're using MIT clients is to add the following line to the [libdefaults] section of your/etc/krb5.conf file:
  noaddresses = true
  Where on my directory master would I toss this information in to be populated out to the clients and be able to provide both private and public kerberos authentication via my OSX directory master and KDC?
  I think it would go into /Library/Preferences/edu.mit.Kerberos.plist, however I'm not sure if the OS would decide to rewrite it for me on an update....
  Thanks

  Hi
  Assuming OSX Client? Three obvious questions:
  Are you using the appropriate NTP Server for Time Synchronization?
  Are you bound/joined to the relevant Server performing the KDC role?
  Are you using an appropriate DNS Server that can resolve on both pointers queries for the KDC Realm?
  On a client OS there should be no need to issue the "kerberosautoconfig" command. Even on OSX Server there should be no need to issue the command either. Being forced to do so would indicate a problem somewhere in the configuration or database.
  What does issuing "sudo klist -k" return? If the output only shows you entries for the Local KDC then you either never bound/joined the appropriate Realm, you're not attached to a network that can access the appropriate Realm, you received a malformed TGT, DNS is 'wrong' somewhere, or the Server is not performing a KDC Role.
  There are a few other reasons I can think of but these will do to begin with.
  Tony

• How to open-up a pdf file to a particular page via java? (file and page number from another program)

  I have created an Access 2003 Form. Data is entered. The data can be viewed once entered in the same form format, with one addition. The addition is a link to another program where we store files. The files stored are pdf documents. Each document is a scanned file (500+ pages). The link can open-up the pdf file. I want the link to open-up the pdf file to a particular page. I will supply the page number from the database.
  I am aware of Adobe Acrobat 7.0 PDF Open Parameters using a URL that specifies the file to be opened plus actions to be performed once the file is openend (i.e. http://example.org/doc.pdf#page=3). However, the 3rd party program transfers a file from a server to the client via java. The file does not go via a web browser. The java code transfer the file directly from the file server to the the client.
  Any idea how to accomplish the task of viewing a particular page with the process flow described?
  I am using Adobe Acrobat 7.0 Professional.

  So you are reading this file in a standalone version of Acrobat? If so then use the PDF Open Parameters /a option via the command line.
  Sabian
  Example:
  C:\Program Files\Adobe\Acrobat 7.0\Acrobat>Acrobat.exe /A "zoom=1000=OpenActions" "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\SimpleSubmit.pdf"
  Where:
  Path to Acrobat: C:\Program Files\Adobe\Acrobat 7.0\Acrobat>Acrobat.exe
  Note: The example starts in the Acrobat application directory
  Switch: /A
  Parameter Syntax: "zoom=1000=OpenActions"
  Path to file: "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\SimpleSubmit.pdf"
  Note: The quotes are very important for the syntax to work appropriately.

• How do I create a kerberos ticket using coldfusion

  I have 3 apps on our intra net that require authentication and would like to use kerberos to accomplish this. This is my set up.
  users log in to the network and authenticate via active directory (all windows based) , Our web apps are on a box running solaris 10, weblogic app server, cf 9 and oracle 11g.  A group of our web apps on this sever require users to authenticate through oracle (not the web / app server).
  I can authenticate with kerberos via a putty session on the server with no problems.
  USEING COLDFUSION, how do i request a kerberos ticket and pass the necessary credentials to authenticate.?
  can this be done.?
  I am looking for a CODE SAMPLE OF HOW DO THIS IN A UNIX environment  NOT WINDOWS.
  I appologize for the frustrated tone of this post. However, after a week of reading documentation til my eyes bleed, to end up chasing my tail with no truly help info............
  TIA
  JB

  This is something your web server should do, not CF. Configure your web server to participate in the Kerberos realm. If WebLogic is the web server (and not just the application server) configure that:
  http://download.oracle.com/docs/cd/E13222_01/wls/docs81/secmanage/sso.html
  If you have WebLogic configured to use Apache as a web server, configure that:
  http://modauthkerb.sourceforge.net/
  http://support.microsoft.com/kb/555092
  Dave Watts, CTO, Fig Leaf Software
  http://www.figleaf.com/
  http://training.figleaf.com/

• Mobile accounts are not being issued kerberos tickets

  Hi
  If I set mobile accounts to expire as soon as they log out, as soon as the user logs back into the same mac with the same account, it does not get issued another kerberos ticket at login.
  If I turn mobile accounts off, it works every time.
  running 10.6, 10.6 open directory server and the user accounts are AD accounts server 2003.
  I am pulling my hair our here. Is this something that is intentional?

  Other observations:
  *1. from /Library/Logs/DirectoryService/DirectoryService.error.log*
  2010-06-18 14:04:11 CEST - T[0xB0185000] - Misconfiguration detected in hash 'Global UID':
  2010-06-18 14:04:11 CEST - T[0xB0185000] - User 'user1' (/LDAPv3/macsrv1.disney.ch) - ID 1035 - UUID 80699B6C-A90E-4D2F-9B07-FB78F72E9709 - SID S-1-5-21-4063190502-2217233148-2094676766-3070
  *2. user IS showing up in the login window.*
  If I configure the login window to show all users (including network users), then user1 does indeed show up.
  *3. Logging into user1 via ssh works.*
  *4. dscl on macsrv1*
  dscl /LDAPv3/127.0.0.1 -list /Users
  does indeed show user1 (and any other user I create)
  So why can't I login/create user1 on the client mac without toggling the FULL PATH to /Network/Servers/macsrv1.disney.ch/users/user1 first? arghh!

• Problem accessing R/3 with SSO ticket from the EP6.0

  Hi all,
  I have seen this thread: Problem accessing R/3 with SSO ticket from the EP6.0
  I know that it is possible to read SSO ticket from the Cookie in WebDynpro application.
  Now we are at the first step, we don't know how to read SSO ticket from the Cookie in WebDynpro application with java code.
  So anyone can help us?

  Hi,
  This has been discussed in a previous forum.Check this link.A code snippet is also there to read a cookie in webdynpro with this question
  How to implement SSO between Portal, Webdypro and ABAP system?
  I am not able to send the link exactly.
  Regards,
  Sowjanya.
  Message was edited by: Sowjanya Chintala

• Can login, but can't get Kerberos ticket

  Hi,
  This is on OS X Server 10.5.8, all up to date, and an OS X Client 10.6.4, all up to date.
  One user in particular can login, however they can't get a kerberos ticket (iChat and other apps fail to login). They can use the Ticket Viewer app to see that there is no ticket, but then add an identity manually and it all works fine.
  If I change the password via Workgroup Manager they can login with that new password. I also ticked "change password at next login", however the client didn't pick that up (although they logged in with the new password).
  Also, when trying to change the password via System Prefs, it says the old (current) password is incorrect, even though its the same as they logged on with.
  I'm pretty sure the problems are to do with the Kerberos login check failing (as seen in the log below) - but why would the user be able to login, yet fail the kerberos authentication check?
  Output from password server log:
  Nov 2 2010 10:24:52 RSAVALIDATE: success.
  Nov 2 2010 10:24:52 AUTH2: {0x46ac8ee739c0ff000000000e0000000e, nhankey} DHX authentication succeeded.
  Nov 2 2010 10:24:52 KERBEROS-LOGIN-CHECK: user {0x46ac8ee739c0ff000000000e0000000e, nhankey} authentication failed.
  Nov 2 2010 10:24:52 GETPOLICY: user {0x46ac8ee739c0ff000000000e0000000e, nhankey}.
  Nov 2 2010 10:24:52 GETPOLICY: user {0x46ac8ee739c0ff000000000e0000000e, nhankey}.
  Nov 2 2010 10:24:55 RSAVALIDATE: success.
  Nov 2 2010 10:24:55 AUTH2: {0x46ac8ee739c0ff000000000e0000000e, nhankey} DIGEST-MD5 authentication succeeded.
  Nov 2 2010 10:24:56 RSAVALIDATE: success.
  Nov 2 2010 10:24:56 AUTH2: {0x46ac8ee739c0ff000000000e0000000e, nhankey} DHX authentication succeeded.
  Nov 2 2010 10:24:56 KERBEROS-LOGIN-CHECK: user {0x46ac8ee739c0ff000000000e0000000e, nhankey} authentication failed.
  Nov 2 2010 10:24:56 RSAVALIDATE: success.
  Nov 2 2010 10:24:56 AUTH2: {0x46ac8ee739c0ff000000000e0000000e, nhankey} DHX authentication succeeded.
  Nov 2 2010 10:24:56 KERBEROS-LOGIN-CHECK: user {0x46ac8ee739c0ff000000000e0000000e, nhankey} authentication failed.
  Is there a way to see which tickets have been issued on the server?
  Thanks for any help.
  Regards,
  Steve

  ... bump ...