Managing and Accessing Years of Flash Artwork Assets?

Similar Messages

• User management and Access Control in HCM Cloud

  Hello,
  Information is scarce about User management and Access Control in Oracle Cloud generally. Today, I have two questions :
  - How can I bridge HCM Cloud user store with my on-premise IDM or security repository in order to allow identty governance to flow to HCM Cloud service ?
  The only information I got was that you can declare manually and by bulk import through files my users. This is not really interresting as I have an automatic IDM with workflows and identity control on provisioning and de-provisioning.
  Is there a SPML or proprietary endpoint to do it automatically ? What are the prerequisites ? Do I have to implement OIM on my side ?
  - Once my users are created, how can I do webSSO from my internal security repositories to the HCM Cloud service ?
  I do not want to distribute new set of login / passwords to my users. Is it possible to do Identity Federation (SAML 2.0 or WS-Fed) with HCM Cloud service ? What are the prerequisites ? Do I have to implement OAM on my side ?
  I accept all pieces of information you can give me on this topic to help me understand the funcitonalites, limits and options offered by Oracle Cloud and more precisely by HCM Cloud service.
  Best regards,

  OIDDAS has limited capability of access control and information hiding. Presently, the permissions and privileges can be set at a realm level, and fine grained access control / information hiding cannot be done.
  At present, the only way to restrict view and access control is by appplying ACLs (which is not the safest bet).

• Difference between Identity Manager and Access Manager

  hi,
  Can any body tell me the difference between Identity manager and Access Manager.
  thanks in advance
  regards
  dhawanmayur

  Access Manager is for access control (web authentication, authorization), Identity Manager is for identity (userid,profile,role, password etc) provision/management across multi resources (such as unix, active directory, peoplesoft, SAP) etc.

• Power Manager and Access Connections crash, neither help nor solution from Lenovo!?!

  Hello
  I've already posted here on the forum several weeks ago about the obvious problem that Lenovo has with the latest version of the Power Manager and the Access Connections which both crash either on startup or while tryibg to open it.
  So far there has been neither an update, nor a solution nor an official statement from Lenovo about that problem that consists rightnow for over two month!
  When searching the forum I see the same all over again: Unanswered threads, solutions that don't solve anything at all and so on...
  And just if someone here comes up with comments like:
  "work's here" or "just rollback to the old version", what is the point of writing software that doesn't work?? And why not giving ANY SUPPORT AT ALL???!!!
   I really would at least like to see an official statement saying "we work on it". After buying one of the most expensive notebooks on the market (and in my opinion still one of the best) hat would be the least one could expect form a "award wining" company like Lenovo...
  Regards
  Martin Pauli

  Hello, I am a Help Desk Consultant at Rensselaer Polytechnic Institute and currently, we've had many problems with access connections, 4965 agn wireless card, and its drivers.
  Symptoms:
  1) Wireless card is detected my windows device manager
  2) Wireless card is NOT detected by access connections, intel wireless utilities/tests/etc
  Other related information:
  1)  Events with ID 7036 + source: NETw#v## (the # stand for numbers, I can't quiet remember which ones but the one after the v is a 5
  2) Rollback driver is NEVER an abailable option
  3) Every failure case with same symptoms came in starting mid September
  4) If you select "show hidden devices" in device manager, there is a huge number of devices, most of which seem to be repeats
  After many hours of debugging and fustrated complaints, I have determined that it could be one of many problems:
  1) Teredo tunnelling: Apparently, atheros/intel/access connections won't find the wireless card if teredo has been enabled or something
  2) Power management: A default setting is "let windows turn the wireless off it there's not enough power" in wireless properties>configure>power management
  3) Driver update combination conflict: between a update on 9/21 and present time, there's something horribly gone wrong
  If anyone has a definitie solution to this, please post. 

• Funds Management and Fiscal Year Variant Change

  Hello !
  We are configuring a new fiscal year variant.
  Currently, the system is on a CALENDAR YEAR FY variant and we are doing the following:
  1. creating a shortened FY of Jan 2009 - Mar 2009
  2. new fiscal year from April 2009 - Mar 2010
  We are trying to change the FY variant for Funds Management via OF15 but receive the error FI674.
  FI674:
  You must not change the fiscal year variant in Cash Budget Management or Funds Management for FM area FM01 if actual data already exists for FM area FM01, or if one or more of the company codes assigned to FM area FM01 is active.
  We have found oss note 719597 which details how to change the FY variant for Cash Budget Mgmt, but it does not apply to Funds management.
  I could find no other supporting documentation.
  Can anyone guide us as to how to deal with this issue?
  Thank=you !

  Hello Patti,
  The point is that it is not possible to change fiscal year variant if actual values exists.
  You are trying to do a change in January. You probably have some postings in 2009 already.
  In the area of PSM-FM there is no note like 719597 of TR-CB.
  Only if no actual values exist, this customizing change would be possible and reasonable.
  If you are doing this setting in your customizing client, you can delete the postings (please DO NOT do it if you are in production) that exist in 2009 and try again.
  SAP do not recommend to change a Fiscal Year Variant that has already been assigned to a company code and has already some postings. This may  create database inconsistencies.
  You can create another Fiscal Year Variant with the information that you want to be customize, and this variant you will be able to assign to a company code. Before you assign this new variant to a company
  code please be sure that none of the information that you already posted in this company code will be affected, this information you may review it with your consultant on-site.
  Also please review/apply note 173636, 202687, 10945, 193713, 123026, 210861 which may happen in your system.
  The fiscal period is related to the posting date via the fiscal year variant. E.g.: I you do a posting on 5.5.2009 it will be posted e.g. in period 5 for fiscal year variant 'A'. This period is not only used in the document header table (BKPF,VBRK,MKPF ...) but also in several balance table (GLT0, KNC1 ...) not only in FI but also in SD, MM, CO .... If in the new  fiscal year variant 'B' this posting date is related to another period e.g. 7 the relation between documents and Periods and balances will be destroyed.
  The problem will be enhanced if the posting-date would be related to diffrent fiscal years.
  In addition several reports in AP/AR and GL reread period-depend data by selecting the posting-date regardless of the period in the document because it's not normal practise to change the fiscal year variant of a company code.
  Some of the involved issues are:
  - FM actuals and commitments may need to be reconstructed if their period- (or even fiscal year-) assignments is changed.
  - FM actuals/commitments can not be reconstructed if fiscal year change activities have already been performed (commitment carry forward, FMJ1, FMJ2).
  - Budgeting data and assigned values may principally be concerned as well, especially if you are working with period values in budgeting.
  The change of fiscal year variant has several implications and should be analyzed very carefully.
  Please check note below for more information:
  Note 672255 Shortened fiscal year / changing fiscal periods
  I hope it helps you and good luck
  Best Regards,
  Vanessa.

• Latest versions of Power Manager and Access Connections got borked.

   I have a T60p running a fully patched XP SP2, model 2007CS3, and I work for IBM. I'm posting this because our internal IT support team has no clue how to fix this.
  I updated Power Manager to 1.52 when it had initially released, and since then it always fails with  an error in pwmuictl.dll, however the taskbar indicator is working properly. So I have to rely on Windows' built in power management only.
  Couple of days back I updated the ethernet drivers  to 9.12.41.1001 as in the latest package listed on the site.
  After that Access Connections 5.2 stopped working- the AcSvc service would fail on startup and subsequent restarts.
  I rolled back the ethernet driver to the previous version- uninstalled the device and reinstalled specifying the older drivers- to no avail.
  After a lot of struggle I downgraded it to version 4.23 that is used internally- and now my LEAP based wifi does not work. If I create a new connection profile- Access Connections craps out after filling in wifi security parameters. I reset my LEAP password  and tried again- it still does not connect.
  So effectively, updating the ethernet drivers turned out to be a big mistake. I hope someone can help, if you need additional information/screenshots let me know.

  Hello Martin,
  you have AC 5.02 instead 4.52 installed, like your screenshot shows.
  Some user have been experienced problems with this version and the version of new Powermanager.
  So if your system runs satisfactionally then there is no need to update.
  I would roll back and see if your program became operationally again.
  Kind regards
  Andreas
  Follow @LenovoForums on Twitter! Try the forum search, before first posting: Forum Search Option
  Please insert your type, model (not S/N) number and used OS in your posts.
  I´m a volunteer here using New X1 Carbon, ThinkPad Yoga, Yoga 11s, Yoga 13, T430s,T510, X220t, IdeaCentre B540.
  TIP: If your computer runs satisfactorily now, it may not be necessary to update the system.
   English Community       Deutsche Community       Comunidad en Español

• Funds Management and Budget Check on Settlement of Assets

  Dear All
  We are implementing Funds Management module with BCS as budgetary tool. We have a requirement like this. At the time of PR or PO for AUC, budget need to be checked, whereas at the time of settlement of this AUC to a fixed Asset there should not be any budget check
  Kindly let me know whether, this scenario can be mapped in SAP using Funds Management Module
  Regards
  Vivek MG

  Hi,
  You can build a derivation rule in FMDERIVE basing it on business transaction field. In case of assets settlement, you can derive a dummy commitment item.
  Regards,
  Eli

• Sizing of Oracle IdentityManager and Access Manager on same Weblogic Server

  Hi ,
  We are planning to deploy Oracle Identity Manager and Access Manager on the same weblogic server in different domains.We have user base of 25000 users.
  We can propose two different weblogic servers for OIM and OAM ?
  Please let me know the best hardware and software requirements for this installation.
  Thanks,
  RBM

  Here is sizing guide for Oracle Identity Manager
  http://www.oracle.com/technetwork/middleware/id-mgmt/oim11g-sizingguide-194346.pdf
  You can use it as a guideline, and it refers to 25000 users similar to your requirement. There are other factors also consider like, failover, performance etc. Feel free to reach out if you need more info [email protected]

• Time difference between the Identity system and Access System: OAM

  I was installing OAM. Performed the below steps.
  -installed identity server
  -installed webpass
  -setup of identity system console
  -installed policy manager
  -setup of access system console
  The above steps were successfull. Then when i was logging into Access system console, i am getting the below error:
  Error:there was a problem obtaining the userid. One possible reason for this is a time difference between the Identity system and Access systems (Policy Manager and Access system console).+
  The Identity Server, WebPass and Policy Manager are installed on the same machine.
  Userdata repository: OVD 10.1.4.3
  Policy and Config Data Repository: OID 11.1.1.3
  OAM: 10.1.4.3
  Windows2008 - 64bit
  Found document in metalink similar to this issue. suggested to change ldapmaxofreties. but didn't help.
  Any idea on this error. Please Advise.
  Thanks in advance.

  Try this::
  Check Time Difference Between Identity and Access Manager Systems
  Check the logfile in the Access Manager install directory. The default location is <$AMinstall_dir>/access/oblix/logs/oblogfile.
  If the file exists and it contains following line "skew = slack = " that means the Identity and Access Manager Web Servers are on different machines and have not synchronized time within a minute.
  Either synchronize times between the two machines within a minute's accuracy or you can increase the slack by modifying these two files: <$AMinstall_dir>/access/oblix/apps/common/bin/oblixbaseparams.lst: loginslack: <$IMinstall_dir>/identity/oblix/apps/common/bin/oblixbaseparams.xml: loginslack: where numofseconds is more than skew found in the oblogfile.
  For example, if you have following line in oblogfile "skew = 121 slack = 60", set numofseconds in the two parameter files to 130. After doing this, Stop the Identity Manager Web Server. Then stop the Identity Server. Start the Identity Server.
  Then start the Identity Manager Web Server. Start a new browser session and see if you get the same error.

• Change fiscal year to 2006 in Asset Management : error in year-end closing

  SAP version: 4.0B
  Transaction Codes used: Year-end closing – AJAB, Fiscal year change – AJRW
  We are trying to change the fiscal year to 2006 in Asset Management.
  I tried to change the fiscal year to 2006 for the company code 0055 using transaction code AJRW. The test run has displayed an error message “Fiscal year change in co. code 0055 1 possible only after year-end closing 2004 2’.
  I have used the transaction code OAAQ to find the out the fiscal year, the closing for depreciation area is successfully performed.
  Unfortunately it is still showing ‘2003’ which should have been 2004 for company code 0055.
  I tried to close the fiscal year 2004. The test run has completed successfully. I have scheduled the ‘RAJABS00’. The program has executed successfully with no errors or warnings.
  The closing for depreciation area (Transaction – OAAQ) is still showing 2003 for company code 0055, which should have been changed to 2004.
  I am new to Asset Management. Can you please give some suggestions on how to fix the problem and change the fiscal year to 2006.
  Thank you,
  Vidya

  Hi,
  Thank you very much for your prompt reply.
  I have used transaction OAAR to check if any area is still open for previous years.
  Surprisingly! The areas are closed only till 2003.
  Can you please let me know what to do (transaction codes - programs) to close the areas for fiscal year 2004.
  I am new to Asset Management. I think you are good in Asset Management. Can you please give some suggestions on how to close the fiscal year 2004.
  Can you please let me know if I have to run any other transactions other than closing the areas before running the transaction to close the fiscal year 2004.
  Thank you very much.
  Sincerely,
  Vidya

• Discuss Identity and Access Management in the Cloud

  Identity and access management in the cloud refers to the processes, technologies, and policies for managing cloud systems identities and controlling how these identities can be used to access cloud resources. Three separate processes are used in most cloud
  identity and access management solutions:
  Identity provisioning and storage
  Authentication
  Authorization
  Identity management in a cloud system requires a complex collection of technologies to manage authentication, authorization and access control across distributed environments. These environments might include assets both on the internal cloud, which would
  be an on-premises private cloud, and services accessed on the public cloud. These environments can also cross-security domains, as when two enterprise-level organizations collaborate and enable cross-domain access to users from the partner security domain.
  You can learn more about these topics in the article Identity and Access Management in the Cloud.
  Let's talk about that article and the topics of identity and access management in the cloud! Use this thread to get it started.
  Thanks!
  Tom
  Learn more about Private Cloud at the
  Private Cloud Solutions Hub

  Tom,
  I am a novice and attempting to achieve a proof of concept of single sign on.  One example I read stated one should install Identity and Access on VS2012.  I did this on two different machines.   One was in the office domain and it shows the
  item "Identity and Access..." in the context menu of the MVC project I created.  The other machine is my laptop.  I followed the same procedure that worked on the desktop, yet the Identity and Access item in the project context menu does not show.
   One difference is that the laptop is not part of a domain, but I am attempting this proof of concept in Windows Azure with the laptop, since we do not have a test AD in our corporate domain.
  Is this the right forum to inquire about this issue?  Do you have a recommendation about a better forum?
  Stephen Pidgeon

• Screen size and font size unreadable to set the access permissions for Flash Player.

  I can increase my screen view size to make everything appear larger but the screen on Adobe website to manage the use of the Flash Player has very tiny writing that DOES NOT increase in size when I increase the size of my screen view.  It is not use user friendly nor compliant with common standards of web pages being accessible for people who have visual disablilities.  The font size looks like 6pt.
  What does it take to make this giant company allow the window size of the settings to be enlarged or magnified? 

  They will stay on the screen.  However, Process Monitor is only intended for advanced users.  It is recommended that users try to navigate to the troublesome registry key using regedit, and see if they can access it or not without an error.  This is far easier than trying to use Process Monitor, which is very complicated.
  I used Process Monitor to confirm that it was just that key which was causing the problem, and not others.  Process Monitor is not to be confused with the new Resource Monitor which is accessible via Task Manager in Windows 7 (and possibly Vista).  If you must experiment (and Process Monitor is very useful for diagnosing many deep-level problems if you know what you're looking for) Process Monitor can be downloaded from here:
  http://technet.microsoft.com/en-us/sysinternals/bb896645
  It replaces the older Sysinternals "FileMon" and "RegMon".  For those interested in the technical side, I had to setup a number of filters to be able to get the results display as in the screenshot.  First of all to just show Registry events.  Then to just show events from the manual Flash activeX installer executable.  The I added a filter to show only non-successfull results.  And finally, for the purposes of the screenshot, added a filter to just show those with "Access Denied", since other non-critical errors are also picked up due to missing keys because installation has not yet been fully completed I guess.   When experimenting, most of these filters were applied using the "is not" boolean logic, which will make sense if you experiment with the program.
  Without adding any filters, it picks up so many events (hundreds per second) that it's otherwise unusable.  e.g. 40,000 events within the first few seconds of opening the program. For this reason, I recommend simply using Regedit to diagnose the problem with the particular Flash registry key.

• UWC/CE 6.3 and Access Manager 7.1 SSO sometimes fails (seems like a bug)

  PREAMBULA: I started writing this post thinking that our AM SSO setup was at fault in some step. As I was gathering data, checking the doc-links and config files and finally sniffed the servers for HTTP dialogs, I grew pretty sure there's a bug in UWC/CE, AM SDK or Web Server Policy Agent, whatever implements the AM SSO session checking.
  In short, as written below, our "sunmail" server can POST a broken cookie to AM server, if the cookie originally contained a "plus" character. The "plus" is replaced by a "space", invalidating the session check. As we know, "+" is often used in URLs to "escape" the space character. Perhaps some URL cleanup routine backfired here. I have double-checked, it is not the reverse proxy on "psam" breaking things. It is "sunmail" (UWC/CE or Policy Agent, don't know for certain) supplying the broken request. On the few occasions when the AM cookie contains no "plus" characters, the SSO works like a charm (also checked by a sniffer). Whenever there is a "plus", it breaks.
  Is there some known bug or workaround that matches this description?
  Nevertheless, for completeness' sake I kept the description of our setup. Maybe it's at fault after all :)
  We have an installation of JCS5 with the latest patches as of early July 2008. And as the subject implies, we have problems with AM SSO in UWC/CE web-interface. I have reported them before, then they seemed fixed (not occuring for several tests in a row), but as time has shown, something wrong is still there.
  So I'll try to go into deeper detail now, as we've may have overlooked some nuance... Then again, as my sniffer research below shows, this may be an engine bug and these setup details are irrelevant.
  Our setup is split into several Solaris 10 full-root zones hosted on several servers, some of the components are enroute to HA (perhaps we made some mistakes on this part of the way?)
  So, we have the following software stack:
  1) two MMR Directory Servers (DSEE 6.3 = DSEE 6.2 from JCS5 + 125278-07__DSEE_6.3__x86x64 + 125277-07__DSEE_6.3__x86_sol9 patches) working in zones on two different servers. Except for one time when a manually forced ZFS rollback corrupted one of the server instances, no problems here.
  2) two zones with Directory Proxy Servers (6.3, exact versions as above) running at port 389 provide the clients with an illusion that they have a stable Directory Server, even if one of the actual servers is currently rebooting ;)
  These DPS zones are hosted on two different servers as well and are primarily used by LDAP clients (JCS components) running in other zones on the same respective servers.
  3) A zone with Sun Web Server 7.0U1 and Access Manager 7.1 (+ 126357-01__AM71_x86 patch) and Delegated Admin 6.4-4.01 (from JCS5 + 121582-18__COMMCLI64__x86 patch).
  At the moment there is one such zone (named "cos-psam-01.domain.ru" in the logs below), but we expect(-ed) it to become two similar zones as per AM HA setup.
  Zones listed in (1-3) use private IP numbers, they belong in our internal DMZ.
  Zones listed in (4-5) below use public (routed) IP numbers, they belong in our external DMZ.
  4) A zone with Sun Web Server 7.0U1 used primarily as a reverse-proxy server (optionally with a load-balancer libpassthrough.so plugin) successfully used for other hosted projects. One of its configurations now passes connections from an externally routed IP address published as "psam.domain.ru" to "cos-psam-01.domain.ru", per AM HA setup, so HTTP clients believe they work with an Access Manager instance. This zone has a backend interface with a private IP address to communicate with the actual AM instance.
  In AM configuration (both LDAP and file-based) we have configured a site ID with the publicly known name and mentioned both names (psam and cos-psam-01) in organization's realm/dns aliases.
  5) A zone with the rest of the Sun Java Communications Suite 5, as in Messaging Server 6.3 (6.3-6.03 64-bit: ci-5.0-1.03_solx86_x64__Messaging_Server_6.3-2 + patch 126480-09__MSG63__x86-64), UWC/CE 6.3 (from JCS5 + 122794-17__UWC63-4.01_core__x86), Instant Messaging 7.2 (from JCS5 + 118790-29__IM72__x86-1 + 118787-28__IM72__x86-2), Calendar Server 6.3 (from JCS5 + 121658-28__iCS63__x86). The web-components (UWC/CE, IM, /httpbind) are deployed in a Sun Web Server 7.0U1 as well.
  This zone is named "sunmail.domain.ru" and has a routed IP address for direct external access to its servicess.
  The AM SDK part is also patched (126357-01__AM71_x86); it points to the load-balancer name ("psam.domain.ru") as an actual AM server.
  # imsimta version
  Sun Java(tm) System Messaging Server 6.3-6.03 (built Mar 14 2008; 64bit)
  libimta.so 6.3-6.03 (built 17:15:08, Mar 14 2008; 64bit)
  SunOS sunmail 5.10 Generic_127112-07 i86pc i386 i86pc
  While setting up this server set we tried to use AM SSO as the user login method, but it works unreliably.
  "Unreliably" means that while most of the time entering a correct uid and password in Access Manager login page ("http://psam.domain.ru/amserver/UI/Login") does redirect a user back to "http://sunmail.domain.ru/uwc/auth" along with a new cookie, and the user is redirected again to his or her mailbox, sometimes the user receives the UWC/CE login page. Entering the same uid and password here does log him in, but it breaks the whole point of SSO and only increases the end-user routine required to log in :\
  We have also seen the "missing mail tab" problem - if the users point the browser to any hostname different from "sunmail.domain.ru" (i.e. www.mail.domain.ru which is equivalent in DNS), they have only the Address book, Calendar and Options tabs; no webmail. So far this is resolved by Policy Agent forcing The One name of the server.
  Here's the configuration we did specifically for AM SSO:
  1) in AMConfig.properties of "sunmail" and "cos-psam-01" we set up
  com.iplanet.am.cookie.encode=false
  am.encryption.pwd=<the same value>
  all hostname-related parameters point to "psam.domain.ru"
  2) in AMConfig.properties of "cos-psam-01" a number of FQDN equivalence entries are added (so it does not redirect to a server hostname unknown to visitors):
  com.sun.identity.server.fqdnMap[publicname-or-ip]=psam.domain.ru
  com.sun.identity.server.fqdnMap[cos-psam-01.domain.ru]=cos-psam-01.domain.ru
  3) in "msg.conf" on "sunmail" (entries added via configutil):
  local.webmail.sso.amcookiename = iPlanetDirectoryPro
  local.webmail.sso.amnamingurl = http://psam.domain.ru:80/amserver/namingservice
  local.webmail.sso.singlesignoff = yes
  local.webmail.sso.uwcenabled = 1
  service.http.ipsecurity = no
  (perhaps some more options are required? Looking for confirmation about: local.webmail.sso.uwclogouturl local.webmail.sso.uwccontexturi local.webmail.sso.uwchome service.http.allowadminproxy )
  4) Configured Web Policy Agent for Sun Web Server, so that users without an AM session are required to get one. Set up per [http://msg.wikidoc.info/index.php/AM_redirection_using_Policy_Agent], except that com.sun.am.policy.agents.config.notenforced_list points to the many names our server can go known by.
  5) Updated the logout URL in /opt/SUNWuwc/webmail/main.js:
  --- main.js.orig        Sat Jan 26 07:52:09 2008
  +++ main.js     Mon Jul 21 01:06:29 2008
  @@ -667,7 +667,8 @@
  function cleanup() {
     if(laurel)
  -      top.window.location =  getUWCHost() + "/base/UWCMain?op=logout"
  +//      top.window.location =  getUWCHost() + "/base/UWCMain?op=logout"
  +      top.window.location =  "http://sunmail.domain.ru:80/base/UWCMain?op=logout"
     else
         exec('logout', '', 'exit()')
  @@ -1707,7 +1708,8 @@
     if(lg) {
           url = document.location.href
           url = url.substr(0,url.indexOf('webmail'))
  -        uwcurl = url + 'base/UWCMain?op=logout'        
  +//      uwcurl = url + 'base/UWCMain?op=logout'        
  +        uwcurl = "http://sunmail.domain.ru:80/base/UWCMain?op=logout"
     exit()
  }6) Calendar SSO - per docs...
  According to ngrep sniffing,
  1) the browser goes to "http://sunmail.domain.ru/uwc/auth" without any cookies
  2) receives a redirect and goes to "http://psam.domain.ru/amserver/UI/Login?gotoOnFail=http://sunmail.domain.ru:80/uwc&goto=http%3A%2F%2Fsunmail.domain.ru%3A80%2Fuwc%2Fauth"; sends no cookies either.
  3) The first response from the "psam" server (as redirected from "cos-psam-01") sets a few cookies while rendering the login page:
  Set-cookie: JSESSIONID=7EF8F2810D2071CA03CFEAE9972735B2; Path=/
  Set-cookie: AMAuthCookie=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; Domain=.domain.ru; Path=/
  Set-cookie: amlbcookie=02; Domain=.domain.ru; Path=/
  4) The browser requests the login page resources (javascripts, images, etc) using these cookies, as in this header line:
  Cookie: JSESSIONID=7EF8F2810D2071CA03CFEAE9972735B2; AMAuthCookie=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; amlbcookie=02
  5) The browser POSTs the login request to "/amserver/UI/Login" and receives a redirection to http://sunmail.domain.ru:80/uwc/auth
  Set-cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; Domain=.domain.ru; Path=/
  Set-cookie: AMAuthCookie=LOGOUT; Domain=.domain.ru; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
  6) The browser requests "http://sunmail.domain.ru/uwc/auth" using the newly set cookie (looks like the old one to me though):
  Cookie: amlbcookie=02; iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#
  7) The "sunmail" web-server checks the AM session validity with the same "psam.domain.ru". It sends a series of POSTs to /amserver/namingservice:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="com.iplanet.am.naming" reqid="685">
  <Request><![CDATA[
  <NamingRequest vers="1.0" reqid="324" sessid="AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#">
  <GetNamingProfile>
  </GetNamingProfile>
  </NamingRequest>]]>
  </Request>
  </RequestSet>(receives a large XML list of different Access Manager configuration parameters and URLs)
  ...then a double-request to /amserver/sessionservice:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="Session" reqid="686">
  <Request><![CDATA[
  <SessionRequest vers="1.0" reqid="678">
  <GetSession reset="true">
  <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#</SessionID>
  </GetSession>
  </SessionRequest>]]>
  </Request>
  <Request><![CDATA[
  <SessionRequest vers="1.0" reqid="679">
  <AddSessionListener>
  <URL>http://sunmail.domain.ru:80/UpdateAgentCacheServlet?shortcircuit=false</URL>
  <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#</SessionID>
  </AddSessionListener>
  </SessionRequest>]]>
  </Request>
  </RequestSet>As a result it receives an XML with a lot of user-specific information (the username, LDAP DN, preferred locale, auth module used, etc.)
  !!!*** Now, the problem part ***!!!
  8) And then "sunmail" POSTs a broken cookie to "psam" (note the space in mid-text, where the "plus" sign was previously). As we know, "+" is often used in URLs to "escape" the space character. Perhaps some URL cleanup routine backfired here.
  I have double-checked, it is not the reverse proxy on "psam" breaking things. It is "sunmail" (UWC/CE or Policy Agent, don't know for certain) supplying the broken request. I looked over the large XML responses to the two previous requests, whenever they mention the session cookie value, the "plus" is there.
  For the most detail I can provide, I'll even paste the whole HTTP packet:
  POST /amserver/sessionservice HTTP/1.1
  Proxy-agent: Sun-Java-System-Web-Server/7.0
  Cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#;amlbcookie=null
  Content-type: text/xml;charset=UTF-8
  Content-length: 336
  Cache-control: no-cache
  Pragma: no-cache
  User-agent: Java/1.5.0_09
  Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
  Host: cos-psam-01.domain.ru
  Client-ip: 194.xxx.xxx.xxx
  Via: 1.1 https-weblb.domain.ru
  Connection: keep-alive
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="session" reqid="258">
  <Request><![CDATA[<SessionRequest vers="1.0" reqid="254">
  <GetSession reset="true">
  <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#</SessionID>
  </GetSession>
  </SessionRequest>]]></Request>
  </RequestSet> The server's error response is apparent:
  HTTP/1.1 200 OK
  Server: Sun-Java-System-Web-Server/7.0
  Date: Thu, 31 Jul 2008 05:49:50 GMT
  Content-type: text/html
  Transfer-encoding: chunked
  19b
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <ResponseSet vers="1.0" svcid="session" reqid="258">
  <Response><![CDATA[<SessionResponse vers="1.0" reqid="254">
  <GetSession>
  <Exception>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=# Invalid session ID
  AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#</Exception>
  </GetSession>
  </SessionResponse>]]></Response>
  </ResponseSet>On the few occasions when the AM cookie contains no "plus" characters, the SSO works like a charm (also checked by a sniffer). Whenever there is a "plus", it breaks.
  For reference, here's a working final request-response (one with a good cookie, as received by the load-balancer web-server). Request looks a bit different:
  POST /amserver/sessionservice HTTP/1.1
  Cookie: iPlanetDirectoryPro=AQIC5wM2LY4Sfcy/5sEzVmuq9z1ggdHOkBDgVFAwfhqvn4U=@AAJTSQACMDI=#;amlbcookie=null
  Content-Type: text/xml;charset=UTF-8
  Content-Length: 379
  Cache-Control: no-cache
  Pragma: no-cache
  User-Agent: Java/1.5.0_09
  Host: psam.domain.ru
  Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
  Connection: keep-alive
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="session" reqid="281">
  <Request><![CDATA[<SessionRequest vers="1.0" reqid="277">
  <SetProperty>
  <SessionID>AQIC5wM2LY4Sfcy/5sEzVmuq9z1ggdHOkBDgVFAwfhqvn4U=@AAJTSQACMDI=#</SessionID>
  <Property name="uwcstatus" value="active"></Property>
  </SetProperty>
  </SessionRequest>]]></Request>
  </RequestSet> ...and the response is OK:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <ResponseSet vers="1.0" svcid="session" reqid="281">
  <Response><![CDATA[<SessionResponse vers="1.0" reqid="277">
  <SetProperty>
  <OK></OK>
  </SetProperty>
  </SessionResponse>]]></Response>
  </ResponseSet>

  There have been a few reports of the same behaviour with other customers - specifically with the handling of the encoding of "+" characters to " ". It relates to how cookie encoding/decoding is performed (as you have already observed).
  The solution for these customers was the following:
  => AM server/client side:
  Ensure that com.iplanet.am.cookie.encode=false in AMConfig.properties and AMAgent.properties on all systems.
  => AM client (UWC) side:
  - Set <property name="encodeCookies" value="false"/> in /var/opt/SUNWuwc/WEB-INF/sun-web.xml. This will prevent UWC from trying to urldecode the cookie it receives and therefore stops it turning the + into a space e.g.
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN' 'file:///net/wajra.india.sun.com/export/share/dtd/sun-web-app_2_3-1.dtd'>
  <sun-web-app>
     <property name="encodeCookies" value="false"/>
     <session-config>
        <session-manager/>
     </session-config>
     <jsp-config/>
  <property name="allowLinking" value="true" />
  </sun-web-app>Regards,
  Shane.

• Assets management and inventory Management.

  This may be simple situation often encountered in industries. The need is to manage an item as an asset as well as manage inventory functions of purchasing, receiving, physical inventory and issue of these assets to customers as inventory materials. The materials are also needed to accounted for depreciation functions.
  Can experts throw some light on the kind of best practice process flows that we could often consider.
  Thanks in advance for contributors.

  Good questions: I think I need to explain the full scenario.
  This is for a health care industry. The intention is to purchase the materials as assets and these come from different vendors, but often, it could be the same material. The current thinking is as follows:
  1. Forecast the reqiuirement of the materials according the different sizes. For example : small, medium and large.  Each of these sizes could come from different vendors with different model numbers, but are groupd under the sizes.
  2. Based on the forecast probably using APO, the materials are purchased in ERP for these sizes. But we still need to carry the vendor model number as part of the attributes of the materisl. Here there seems to be three options.
  - One is to use Material classification and use capture the model number of the vendor.
  - second is to utilise the Form Fit Function functionality of SAP IS for A&D.
  - Third potential option might be to use Batch management and capture manufacturer number in batch characteristic.
  Once the materials are purchases these are settled to assets and then there is a need to manage their inventory as the requirement is to utilise Logistic execution functionality including sales, delivery and goods issue functionality. In addition the materials also  need to be transferred between different  SAP plant locations.
  There is also a challenge to manage the requirement as more often, the need is for just the size. but sometime there is a requirement for a specific model within a particular size.
  I am not too sure whether there is an absolute need to manage seralisation for individual material numbers, but from asset management perspective, is there a need> Pl clarify
  Any comments / suggestions on the above is very welcome.
  Appreciate your time and thinking and value contribution.
  Venkatesh

• Firefox 3.6.8 crashes when accessing Add-on Manager and Google Toolbar (v 7.1.20100723W) is enabled

  Well, as I said, Firefox 3.6.8 crashes when accessing Add-on Manager and Google Toolbar (v 7.1.20100723W) is enabled. This is on a 2010 white unibody macbook. I have a google toolbar, and all of a sudden, it keeps saying that it can't communicate with the toolbar. Now, I can't even uninstall it because whenever I go to the add on manager, it says there's an 'unresponsive script'. Could anyone help me? Thanks.

  I fixed it by running in Safe Mode, and uninstalling Personas. Thanks again!