Masking HTTP inbound URL for security and control - Seeking Ideas

Similar Messages

• Single URL for internal and external CRM access when using IFD

  Hello,
  At one of our client site I have setup IFD on CRM 2011. This IFD is behind TMG. My client is a big corporation therefore all CRM components including CRM, ADFS and SQL are on separate servers.
  I have configured IFD using single url https://orgname.contoso.com Their IT staff wants to know why can't they use single URL for internal and external access where internal users are nto prompted for authentication
  when logging on to the CRM server. I know you can do URL re-write in ADFS but they want to know the reason "why internal users can't use the same IFD URL and don't get prompted for their credentials". Text below is from their IT staff.

  There are several approaches to your question.  You need to set up both an internal and an external relying party trust. If you use the external URL, it will always direct you to the signin page, if you use the internal URL, it will resolve you single
  sign on.
  I've configured IFD for CRM multiple times, and this is how it works. CRM looks at the URL. If you use the external URL (org.domain.com), it will prompt for credentials. So what you are asking for, a single URL that works single sign on internally and prompts
  externally really isn't possible.
  What I recommend is:
  1. make the external URL available internally
  2. Configure all outlook clients against the external URL, that way you won't have to reconfigure when someone goes internal to external
  3. Have users who are primarily internal use the internal URL for the web client, which will resolve single sign on
  4. Have users who are primarily external use the external URL for the web client
  For #1, since you only need to enter the credentials when you first configure CRM, it is in all effects single sign on.
  One thing I haven't tried that may work is using IIS redirect internally to redirect the external URL to the internal URL. There is also a powershell script in the IFD guide that you can use to make the outlook client switch between the internal and external
  URL's, but nothing that will give you a single URL that works as the internal relying party trust when internal and the external relying party trust when you are external.

• When i got my i phone they had me answer questions for security and now i went to itunes to buy something and they asked me totally different questions...so now i cant buy things from itunes..can i reset or change the questions

  when i got my i phone they had me answer questions for security and now i went to itunes to buy something and they asked me totally different questions...so now i cant buy things from itunes..can i reset or change the questions

  Welcome to the Apple community.
  You might try to see if you can change your security questions. Start here, change your country if necessary and go tomanage your account > Password and Security.
  I'm able to do this, others say they need to input answers to their current security questions in order to make changes, I'm inclined to think its worth a try, you don't have anything to lose.
  If that doesn't help you might try contacting Apple through Express Lane (select your country, navigate to iCloud help and enter the serial number of one of your devices)

• Any ideas for security and parental control software yet???

  Just received two of the touchpads from the fire sale and gave them to my kids, both under 10.  I am very interested in limiting the sites that can be accessed through the browser, as well as a few other things.  Has anyone found a practical means of doing this?  I'd hate to give up on this and switch it over to Android, especially since there is only Gingerbread available.  But, I just don't know what else I can do about these.  Any ideas? 
  Thanks!
  Post relates to: HP TouchPad (WiFi)

  Please take this post with a grain of salt. I don't claim to be a security and parental control software expert, but I have researched these solutions and have some personal experience with them. That being said, here's some ideas to get you started.
  As speedtouch mentioned, OpenDNS is a fantastic solution for website filtering. They have a great set of filters that can be customized and are one of the easiest systems to set up. Simply install an updater app on one of your desktop computers (or directly on your router if it's supported), configure your router to use their DNS servers, and you're good to go. I personally use this system mysefl and it works really well. The only downside in my experience is that there is not a temporary override system (at least, not in the free version that I use). An example of when this might be handy: my wife goes clothes shopping and looking at new bras. Every once in a while, a perfectly legitimate site might get blocked (in this case, probably something I don't want my kid looking at but perfectly fine for my wife). The option to "temporarily override the block" or "temporarily allow" the site would be nice, but it doesn't exist.
  Another FANTASTIC solution that I've used in the past is the Astaro Security Gateway. They have a free home version of their "Software Appliance" that goes above and beyond OpenDNS. I haven't used it in a while, but when I did it was able to not only filter web sites but also monitor Instant Messaging and other online activites. It's a bit more involved as you need your own hardware (I used an old computer with 2 network cards and stuck it in between my router and my broadband modem), but the results are pretty powerful.
  The downside to all these solutions, however, is that they will only work when the TouchPad is on your network. If they connect to a neighbors network of if the go to a friends house, all of these systems will be moot because they are completely bypassed. The only way to monitor that content from ANY network would be to install an application on the device itself and to my knowledge, none exist.

• After AVG PC Tune up, software update message for security and stability update is available FireFox 3.6.18. Should I Update?

  My Dell laptop (Operating on Windows XP) was hit with multiple viruses - I could not open Mozilla Firefox or any other applications for that matter. After much time and many attempts, I was finally able to install and run an AVG Scan and then an AVG PC Tune up. 4,559 problems found and repaired. After the repairs, I received the following message:
  "Software Update - A security and stability update for Firefox is available: Firefox 3.6.18 - It is strongly recommended that you apply this update for Firefox as soon as possible. - an underlined link reading, "View more information about this update" and then 2 choices - "Ask Later" or "Update Firefox." Since part of the problem was with Firefox and some error messages pointed to that, I'm hesitant to click on any of the three options above. Can you help me to get past this error message, please. I am sending this from my home computer. Thank you. Diane

  Sometimes the updater gets in a funny state - Go to http://www.mozilla.org/en-US/firefox/new/ and download the full installer. Close Firefox and run the installer

• We forgot the questions for security and I am not sure if it is mine or my daughters

  I can not buy anything because we forgot the iTunes security questions

  See Kappy's great User Tips.
  See my User Tip for some help: Some Solutions for Resetting Forgotten Security Questions: Apple Support Communities https://discussions.apple.com/docs/DOC-4551
  Rescue email address and how to reset Apple ID security questions
  http://support.apple.com/kb/HT5312
  Send Apple an email request for help at: Apple - Support - iTunes Store - Contact Us http://www.apple.com/emea/support/itunes/contact.html
  Call Apple Support in your country: Customer Service: Contacting Apple for support and service http://support.apple.com/kb/HE57
   Cheers, Tom

• Integrated ITS in a Separate App Server (DI) for Security and LoadBalancing

  Hi Experts,
  I have a specific requirement for ITS Configuration.
  1. Production Server ( CI + DB ) -> Existing
  [ ERP6.0 ]
  OS : Solaris 10
  DB : oracle 10.2.0.2
  H/W: PRIMEPOWER650
  Unicode Enabled
  2. Application Server ( DI ) --> to be made ( and to be used exclusively for Web users)
  OS : Windows2003 sv
  H/W: RX200 S3
  x64
  MEM: 8GB
  No. 1 is existing Production Server Environment.
  The Customer Requirement.
  The Customer wants to use the ITS . But he doesn't want the existing Production Server to be disturbed for the same for 2 reasons. [ Security and Load Balancing ]
  We are planning to create a Separate Application Server (DI) to work as ITS.
  As the Kernel is 700. The ITS is integrated into the Production Server by Default.
  We have written to SAP and have asked whether the Production Server ITS can be disabled and the Separate DI's ITS be enabled so that the NEW ( No.2 ) Application Server will be used for ITS activities.
  SAP has replied saying the Integrated ITS cannot be disabled at the Production Server. Instead as an alternative we can create a Logon Group (using transaction SMLG) and divert all the Web users to the Separated DI (No.2). We have decided to go according to SAP.
  Now I have the following questions :
  1. The Operating Systems of the Production Server (No.1) and the Separate AP (No. 2)
  are different. ( Are there any complexities involved or must do points to be taken care. )
  2. Brief / MUST DO tasks at the Production Server Environment and Must do tasks at the DI Environment.
  I hope someone has already done some few installations on the above combination, if so, request to please share me your ideas.
  Thanks in anticipation
  Best Regards,
  Paguras
  PS :
  my earlier discussion on the same topic on this community.
  ITS Specific Requirement

  Hi Markus,
  Thanks for the Reply.
  We have the following 2 plans :
  Plan-01.
  As you have advised, we will try to disable ITS of CI and enable ITS of DI.
  Plan-02.
  If Plan-01 could be worked out successfully, well implement as per SAP suggests. Creating a Logon Group and divert all the web users to the DI alone.
  To deactivate ITS on CI, you have mentioned to make sure, that the  system does not listen on the HTTP port (transaction SMICM) on the Servers
  BTW, I have seen a parameter called <b>ITSP/ENABLE</b>. if we deactivate this parameter at CI & DB and then activate the same parameter at DI.
  My questions to you :
  1. Shall we go for Plan-01 ignoring what SAP OSS has said. ?
  2. Disable ITSP/Enable Parameter  -> CI & DB
      Enable ITSP/Enable Parameter   -> DI          has to be implemented .
  Thanks & best Regards,
  Paguras
  PS: Sorry for always pounding you with so many questions on the same topic.
  SAP Help on ITSP / enable parameter
  itsp/enable
  You use this parameter to deactivate (0) or activate (1) the integrated ITS. Even if the integrated ITS is activated, it only accesses system resources when it is actually used. Nevertheless, it can make sense to deactivate it to prevent users from accessing the SAP system with SAP GUI for HTML via special application servers (such as batch or update instances). Since the conversion of SAP screens into HTML pages uses additional CPU time, it makes sense to reserve a number of dedicated application servers to be used with SAP GUI for HTML and to use a special logon group to balance the load between them.

• Get URL for List and ListItem

  Hi,
  I have a SharePoint List (SPList) and need to provide the URL for the list. It should be possible to copy this URL to the browsers address field and navigate to the corresponding Details or Overview View (or default view) of the list.
  Additionally, I have a List Item object (SPListItem) and need the URL to directly navigate to the DispForm.aspx of this item.
  I tried it like this:
  string listURL = ... + "/Lists/" + myList.Title;
  string itemURL = listURL + "/DispForm.aspx?ID=/" + id;
  The URLs are correct as long as the "Internal Name" of the list is the same as the displayed name of the list. But in SharePoint it is possible to add a List-Template with no blanks in the name (e.g. 'MyList'), but later rename it and include a blank (e.g. 'My List'). In this case the listURL I retrieve with the above code snippet does not work anymore! For SharePoint only a URL with the list name without blanks is existent. In short: the URL does not include the blank for the list in the url but myList.Title does!!
  So my question is, how can I get a URL that directly leads to my list's Details view (or default view) and the URL that leads directly to the list items "DispForm.aspx"??

  Hi,
          It seems you need to get correct ListItem URL from ListItem’s property, and thanks for all helpful suggestions.
          In this situation, would you please try using List’s Form property instead of “SubString”, code like this:
          string itemURL = yourweb.Url+"/"+yourlist.Forms[PAGETYPE.PAGE_DISPLAYFORM].Url + "?ID=" + item.ID;
         Then  you will actual retrieve the correct path to the DispForm.aspx page.
         Hope this sample can help.
  Best Regards,
  -Aaron

• How to access custom property for attribute and control in .vm file?

  Hi,
  I have created custom properties in OPM for attribute and apply also that properties to attribute.
  But if how to access that value in .vm file?
  I accessed using
  $attribute.getProperty("ScreenProp", "default value")
  but it's not working but same is worked for screen custom property

  $control.getProperties().get("PropertyName") works for custom properties on a control
  If you output $control and $control.getProperties() to the html you can lookup the API for the used classes.
  I can't give an example of the html because it's stripped in this forum
  Edited by: Peter van de Riet on 20-mei-2011 14:18

• SOAMANAGER - Alternative URLs for WSDLs and Endpoints  in ECC

  Hi All,
  We are publishing enterprise services using SOAMANGER transaction in ECC system. In
  our development environments we have no problem with the process.
  However in our cert and production environments we have loadbalancers,
  with SSL offload, and so both port and URLs for the endpoints and WSDLs
  need to reflect the different port/url introduced via our loadbalancer
  and SAP web-dispatchers.
  We have looked at note 11325985, which provides good guidance - however
  when we use the alternative host / port as described on page 2 of the
  note the service cannot be saved and activated -
  Steps for Reconstruction
  Run Transaction SOAMANAGER in one of our ECC systems SED/SEQ/SEP
  Activate a standard SAP enterprise service, i.e
  ECC_CUSTBASICDATABYIDQR_V2
  In the Transport Settings tab of the Configuration of Web Service we
  enter alternative URL - our load balancers URL for cert is
  erp.XXX.com and for prod erp.XXX.com. When we save the
  service it produces the following error ( when we don't specify an
  alternative Access URL there is no error;
  ERROR: ICF: Error when creating alias node: rc: unknown nMethod:
  Alias Create; return code 15
  Error Message Number Screen Number Transaction Program Table
  Regards,
  Ramesh

  1-Use the Tx: SRT_TOOLS
  2-Double-click on "Display of Extended Service in Current Client Configurations"
  3-Complete the "Configuration Name" with the name of the endpoint / service
  4-Click on run
  5-Double-click on the "Configuration Name" found in the left tree
  6-You will obtain the url you are looking for without using the SOAMANAGER
  7-Enjoy

• Security and Control - Creation of ORG Roles

  Hi
  I have created an organization role against one functional role by adding the objects containing org elements only which are falling in that functional role. Now as per the rule it should a user will have one functional role attached and one respective org role which will have local value of org elements and accordingly there will be so many instances of org role. Viz. if there are 100 plants and 50 company codes, then there will be 100 org role for plants and 50 org roles for company codes. so by this practice we are reducing the number of instance roles ( which in tradition method would have been 100*50 = 5000 and in this case it will be 100 + 50 = 150)
  This concept works fine if we have only one org element falling in one object (e.g F_BKPF_BUK, has only plant as the org element), but my question is how can I handle the sceneriao in which there are more than one org element falling in the object ?? e.g. authorization object J_1IA_POSO contains org elements company code and plant ( which comes from transaction code J1I0).
  Your early responce is highly appreciated.
  Thanks & Regards
  Shailendra

  Dear Gaurish
  your demand is quite standard. There is only a "but": nearly 60% of the properties are "global" ones and not "local" ones. That means e.g. "density" data should be valid "global". But e.g. in the context of GHS, OEL etc. local data is required. The access concept is therefore not always prepared on level of VAT/property; e.g. a french guy need to maintain the OEL; the same for the german guy; but there is only one VAT. So the differentiation is done in most cases on usage level. But you need to differentiate the maintenance in CG02/CG02BD from the topic of generation and releasing SDS. Here as well access concepts are used.
  Any access conept is very "company" specific. Just check the available objects which are used to "control"/"Set up" access rights. E.g.:
  SAP EHS user list and Authorizations | SCN
  E.g. consolut - Complete Authorization Object Documentation From /AAA up to E
  might helps as well.
  On top: Access cocnept depends on release you are using. Higher releases does have more authorization objects as in the past. So access concept is not only company specific but release specific as well.
  Topic of access concept is discussed "rarely" here.
  Authorization object C_SHES_TVH
  authorisation object for property tree in CG02
  Specification type authorizations
  IHS safety measures authorization object
  EHS
  May be check "Best practise" approach; which is discussed very often here to get idea about access concept.
  C.B.
  PS: may be check:
  consolut - C_SHES_TVH - EHS: Specification Value Assgmt with Reference to a Spec.
  Authorization check with usage profile in user parameter
  Define Authorizations - Product Safety - SAP Library
  (sorry describes only old releases but good starting point)

• What are the URLs for webmail and the wiki?

  I see that Lion Server supports webmail and a built-in wiki server, both available through a web browser.
  What are the URLs for these; how do I get to them? I can't find that important detail anywhere in the documentation.

  From /etc/httpd.conf
  Alias -->name --> location
  Alias /webmail /usr/share/web/webmail.html
  Alias /changepassword /usr/share/web/changepassword.html
  Alias /profilemanager /usr/share/web/profilemanager.html
  Alias /webcal /usr/share/web/webcal.html

• Acct for security and debugging

  I'd like to turn on accounting for use in security, debugging changes (when sudo isn't used), activity recording and the "what processes were running when..." questions.
  I'm concerned about the affects on the system. Is there a perceptible performance hit or some stability issues?
  I was responsible for the accounting data at another site so I'm well aware of the files and data maintenance involved.

  Workflow is included in the Business Process Management (BPM) forum. I am not sure there is a forum for Security.
  Cheers,
  Ramki Maley.

• I forgot my answer for security and i have typed wrong recovery mail . i dont want to call apple

  hello , i forgot my answers at security and i have typed wrong recovery mail adress . i dont want to call apple . what can i do now ?

  You need to ask Apple to reset your security questions; this can be done by clicking here and picking a method, or if desired, filling out and submitting this form.
  They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
  If the people at the form tell you to call, accept that you need to.
  (109832)

• HT1725 When I type in my apple ID to download a song it says it needs additional info for security, and then it asks me two questions that I don't know the answers to. What do I do?

  When I type in my apple ID password to download a song it says it needs additional information so I clicked ok. And then it asked me two security questions that I don't remember the answers to. What do I do? I'm so frustrated

  Forgotten Security Questions/Answers
  You need to contact Apple by:
  1 - Use the Express lane and start here:
  https://expresslane.apple.com
  then click More Products and Services>Apple ID>Other Apple ID Topics>Forgotten Apple ID security questions.
  or
  Apple - Support -form iTunes Store - Contact Us
  2 - Call Apple in your country by getting the number from here:
  http://support.apple.com/kb/HE57
  or           
  Apple ID: Contacting Apple for help with Apple ID account security
  3 - Use your rescue email address if you set one up
  Rescue email address and how to reset Apple ID security questions
  For general  information see:
  Apple ID: All about Apple ID security questions