New Common Security Policies in CSA 4.5

Similar Messages

• Your message wasn't delivered because of security policies message after adding new company to our network

  After adding a new acquistion company to our network the company is now receiving a undeliverable error message when trying to email Parent Company.  The acquistion company is still hosting there own email.  Emails do come
  through sometime though.  Odd thing is the part where it says "The following organization rejected your msessage because of relay.  The server that is asking for relay has nothing to do with Exchange and is a webserver.
  Your message wasn't delivered because of security
  policies. Microsoft Exchange will not try to redeliver this message for you.
  Please provide the following diagnostic text to your system administrator.
  The following organization rejected your message: XXXXX08WEB02.
  Sent by Microsoft Exchange Server 2007
  Diagnostic information for administrators:
  Generating server: exch-srv.xxx.local
  xxxx08WEB02 #550 5.7.1 Unable to relay for
  Original message headers:
  Received: from exch-srv.bb.local ([10.36.x.x]) by exch-srv.xx.local
  ([10.36.10.9]) with mapi; Fri, 21 Mar 2014 06:24:26 -0600
  Date: Fri, 21 Mar 2014 06:24:24 -0600
  Subject: Fwd: BLASER
  Thread-Topic: BLASER
  Thread-Index: Ac9FAH8o48EjJULkQCyOFAKdwwLLcQ==
  Message-ID: <[email protected]<mailto:[email protected]>>
  References: <[email protected]<mailto:[email protected]>>
  Accept-Language: en-US
  Content-Language: en-US
  X-MS-Has-Attach:
  X-MS-TNEF-Correlator:
  acceptlanguage: en-US
  Content-Type: multipart/alternative;
  boundary="_000_2E7BF3C7D4A34BBE8DA45714401F4470xxxxxxcom_"
  MIME-Version: 1.0
   

  Hi,
  Let’s try the following resolution:
  Exchange 2007 server>EMC>server configuration>Hub Transport>Receive connector>properties>Network> add your new company server IP address in the tab “receive mail from remote servers that have these IP addresses”.
  For more information, you can refer to the following article:
  http://blogs.technet.com/b/exchange/archive/2006/12/28/3397620.aspx
  If you have any question, please feel free to let me know.
  Thanks,
  Angela Shi
  TechNet Community Support

• Copy Security Policies onto new computer

  I upgraded my computer to a new computer and installed Acrobat 8 Standard on it. On my old computer I had security policies in there and I want to export them and put them on the new computer without having to recreate them. Does anyone know how to do this? Thanks

  Hi,
  Go to C:\Documents and Settings\<user name>\Application Data\Adobe\Acrobat\8.0\Security on the old computer Note: <user name> is your login name
  Copy security-policy.acrodata to removable media and then paste it into the same location on the new computer
  Steve

• Web-app scoped security policies not working in WL 8

  Hi,
  I can't get web-app scoped security policies working in WL 8.1
  I have a simple web application. It defines a role(ROLE) and security
  constraint (on *.jsp).
  If I examine the web app in the administration console, I see that it
  has created a role (scoped to /*) called "ROLE" just as you would
  expect. It has also created a scoped policy (to *.jsp) with constraints
  that the user be in the role ROLE. This is as expected, and it works.
  However, if I proceed to create my own scoped policy (on *.html) with
  constraints (on ALL methods) that the user be in role ROLE, then I get
  no security at all. ie. I can go to server:port/foo.html and it will
  work - it is not secured.
  Any ideas?
  On a completely unrelated issue, when I deploy an EAR (exploded) with a
  WAR (exploded) and using the admin console expand the application
  correpsonding to th EAR, right click on the WAR node, and try and define
  a scoped role, then I get an error "There are no appropriate RoleEditor
  providers configured". This sounds like a bug. Trying to define a
  scoped policy works as expected.
  TIA,
  Jon

  I can't get web-app scoped security policies working in WL 8.1Well, I can answer this one myself.
  WebLogic 8 has a new optimisation (this wasn't present in 7 AFAIK),
  available on the Security / Realm / myreal / General tab, which
  determines whether or not weblogic considers authorisation of resources
  protected by descriptors or not. (ie. it can force only
  descriptor-protected authorisation, ignoring admin console policies).
  It defaults to ignoring admin console policies, hence my problem.
  Jon

• Document Restrictions of Security Policies

  Hello,
  I've been hunting around but can't find it. Is there a concise reference for how to use Adobe Acrobat8 Security features with the Adobe Document Center? Is it so new that there's no book (Quick Start, etc.) on it?
  I send PDFs to people. But I only want them to be able to print the PDF, not copy any of its content. I also want the PDF to deny access after a 3 month period. I was going to use Pinion Software's AutoShred product, but then I stumbled upon Adobe8 and the Document Center, which seemed like a perfect fit. So I immediately upgraded to Adobe8 and signed up for the trial at the Document Center.
  I have created security policies and everything seems to work as its supposed to. However, when I look at any security policy, there is nothing allowing me to make the kind of detailed modifications permitted in Acrobat8 - Secure / Show Security Properties / SecurityTab / and the list for Document Restrictions Summary.
  For some reason, when I set up a security policy - most restrictive to only permit printing and eliminate file access after 3 months - the "page extraction: allowed" phrase shows up when I examine Show Security Properties / Security Tab / Document Restrictions Summary, even though for everything else it is "Not allowed" which is what I want.
  I thought maybe its a bug, because when I close the file and then reopen it, the page extraction is grayed out. But I don't know if people I send the file to will be able to extract the pages, thus getting around my objective of not allowing them to copy/paste any of my proprietary content onto some other file format.
  Anybody else have this same problem. Is there a way for me to prevent page extraction and have it show up in the Document Restrictions Summary as "Page Extraction: Not Allowed"?
  Thanks,
  Robert

  Hi Holly,
  Question - is that all you want to do? Or do the documents have value to you such that you want to maintain control over how long they are used, by whom, and for how long?
  1. If the former, you can use password protection to protect the documents, and format them so that they cannot be altered.
  From within Adobe Acrobat 8 with the document visible.
  Select Secure / Password Encrypt / Permissions
  Click on Restrict Editing and Printing
  Key in a protection password (I use the same for all documents)
  Select Printing permissions "High Resolution" from drop down menu
  Select Changes Allowed "None" from Drop Down Menu
  Make sure "Enable copying of text, images.... box is unchecked
  Don't worry about creating Security Envelopes or anything else. Just click cancel if those windows pop up.
  Your security changes will not take effect until you save the document. Once saved, you can go to Secure / Show Security Properties / Show Details to confirm that all settings are as you want.
  2. If you want to do the latter, you can sign up for Adobe Live Cycle Policy Server protection of the document. Adobe just came out with a new service. Right now its free. Later to be subscription based.
  https://dc.adobe.com/adc/login.do?nextURL=https%3A%2F%2Fdc.adobe.com%2Fadc%2Fadc.do
  I use this, since I want to maintain control over the documents. I let people print only. No other changes, no copying, no emailing. And the document "self destructs" on the date I set for its expiration.
  Regards,
  Robert

• Local Security policies

  The new Flash Player security policies are driving me nuts
  when trying to work with local files. I'm working on development
  tools that will run in the local machine, I get security issues in
  many cases (from AIR interacting with loaded swf, with local
  xmlsocket). It's clear and easy to implement the security
  restrictions when you work with remote files (you just put the
  crossdomain.xml on the server), but with local files is such a pain
  (see for instance the "use-network=false" compiling option).
  Is there a documentation that helps you to work with local
  files and sort the eventual issues, I couldn't find one.
  Now I would like to communicate with a local java xml socket,
  how could I do to avoid:
  *** Security Sandbox Violation ***
  Connection to localhost:1023 halted - not permitted from
  file:///.../bin/App.swf
  Thanks a lot for any support

  This socket server made my day:
  http://www.blog.lessrain.com/?p=512
  chr

• Applying Security policies to Web Services using WLST

  Hi,
  I can create security roles and assign the role expressions using WLST. I am just curious to know that if we can apply the security policies to the applications/any weblogic resource using WLST.
  If yes, Can you please let me know how I can do that? I checked the Mbeans for applications and security realm, but was unable to find a way.
  I am using weblogic 81 sp6 platform.
  Thanks

  The language used for security policies is not public in 8.1.
  In 9.2, WLS supports XACML.
  http://e-docs.bea.com/wls/docs92/secwlres/xacmlusing.html
  <Prasanna Kulkarni> wrote in message news:[email protected]..
  Hi,
  I can create security roles and assign the role expressions using WLST. I am
  just curious to know that if we can apply the security policies to the
  applications/any weblogic resource using WLST.
  If yes, Can you please let me know how I can do that? I checked the Mbeans
  for applications and security realm, but was unable to find a way.
  I am using weblogic 81 sp6 platform.
  Thanks

• HT1364 Can I use this procedure to consolidate my iTunes media folder along with my wife's, both in a new, common location?

  Previously we have both kept our music folders independent. I now want to use the procedure described in HT1364 to move both of our music folders into a single, common location. The idea is to use the same media folder but still keep each of our iTunes users separate so that each can maintain its own playlists, etc.
  We share the same home PC but each of us has its own user and as such, each of us have a separate iTunes.  This way we can each keep sync'ing music to each of our separate iDevices but share the same source music folders.
  FWIW, we both use the same appleID for purchases, but each of us have individual AppleIDs for iCloud syncing. We mostly have differents songs, but I estimate that we have about 10% duplicate songs/albums, both form iTunes purchases and uploads from CD's.
  The procedure above describes how to change the location of your music files. Using this procedure I will move my media files to the new, common location. I wil then switch to my wife's iTunes user and will repeat the process.  While doing my wifes procedure I'm wondering what will happen when it detects the duplicates... will it just ignore them? ask me if I want to replace the song file, or just crash and mess up either or both of our libraries?
  I assume that this is the proper way to set up a family Apple ecosystem.  This way when a new member of the family begins collecting music he/she can join the "family music library" and sync only the songs she wants and so on.
  I will welcome your comments and implications of doing procedure above. And also, your comments on the proper way to configure a family ecosystem, if this is not the proper way to do it.
  Merry Christmas to all of you.

  Previously we have both kept our music folders independent. I now want to use the procedure described in HT1364 to move both of our music folders into a single, common location. The idea is to use the same media folder but still keep each of our iTunes users separate so that each can maintain its own playlists, etc.
  We share the same home PC but each of us has its own user and as such, each of us have a separate iTunes.  This way we can each keep sync'ing music to each of our separate iDevices but share the same source music folders.
  FWIW, we both use the same appleID for purchases, but each of us have individual AppleIDs for iCloud syncing. We mostly have differents songs, but I estimate that we have about 10% duplicate songs/albums, both form iTunes purchases and uploads from CD's.
  The procedure above describes how to change the location of your music files. Using this procedure I will move my media files to the new, common location. I wil then switch to my wife's iTunes user and will repeat the process.  While doing my wifes procedure I'm wondering what will happen when it detects the duplicates... will it just ignore them? ask me if I want to replace the song file, or just crash and mess up either or both of our libraries?
  I assume that this is the proper way to set up a family Apple ecosystem.  This way when a new member of the family begins collecting music he/she can join the "family music library" and sync only the songs she wants and so on.
  I will welcome your comments and implications of doing procedure above. And also, your comments on the proper way to configure a family ecosystem, if this is not the proper way to do it.
  Merry Christmas to all of you.

• How to use ADF Security policies in OID Ldap

  Hello
  My application uses ADF security policies created by Jdeveloper ADF Security Wizard and page definition Edit Authorization menu. The application runs as expected using file based system-jazn-data.xml. I used the JAZNMigrationTool in order to migrate XML based policies to LDAP based policies. LDIF file was generated by the tool and then using the LDAPModify command the file was uploaded to the OID. No errors were generated during this process.
  I used Oracle Directory Manager in order to examine the migration result, and compare the output to that described by
  Introduction to ADF Security in JDeveloper 10.1.3.2
  An Oracle JDeveloper Article
  Written by Frank Nimphius, Oracle Corporation
  February, 2007
  I was expecting to find Read, Update privileges in the orcljaznpermissionaction and the attribute name in the orcljaznpermissiontarget as shown in Fig 15 ADF security entry in OID.
  to narrow down the source of the issue, we examine the LDIF file, and there was no reference to these entries. Below is one example entry from the LDIF file
  dn: orclguid=EF37EAA603C611DDBFAE635A1BB60EE0,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
  changetype: add
  objectclass: orcljaznpermission
  objectclass: groupofuniquenames
  objectclass: top
  cn: EF37EAA603C611DDBFAE635A1BB60EE0
  orclGuid: EF37EAA603C611DDBFAE635A1BB60EE0
  orcljaznjavaclass: java.security.UnresolvedPermission
  orcljaznpermissiontarget: oracle.adf.share.security.authorization.AttributePermission
  orcljaznpermissionactions:
  uniquemember: orclguid=EF37EAA203C611DDBFAE635A1BB60EE0,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
  Note that the orcljazpermissionactions is empty and orcljaznpermissiontarget does not really specify the actual attribute name.
  The system-jazn-data.xml includes all entries correctly.
  rgds

  Eurika
  finally solved,
  runing the JAZNMigrationTool requires setting the correct classpath,
  Setting the classpath to the following
  C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar
  allows you to run the Jaznmigrationtool successfully, however you will find that the generated LDIF file does not include the premission actions (Read, Update ...)
  if however, you add the adfshare.jar to the classpath
  C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar;d:\jdevstudio10132\BC4J\lib\adfshare.jar
  now the tool will migrate the permission policies , the following shows an extract from the LDIF file
  dn: orclguid=A5E662E204D411DDBF8807BC4864C5C2,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
  changetype: add
  objectclass: orcljaznpermission
  objectclass: groupofuniquenames
  objectclass: top
  cn: A5E662E204D411DDBF8807BC4864C5C2
  orclGuid: A5E662E204D411DDBF8807BC4864C5C2
  orcljaznjavaclass: oracle.adf.share.security.authorization.AttributePermission
  orcljaznpermissiontarget: AppModuleDataControl.VRoleAuthorrizationsView1.RanDateTo
  orcljaznpermissionactions: read,update
  uniquemember: orclguid=A5E662E104D411DDBF8807BC4864C5C2,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
  Ammar Sajdi
  www.e-ammar.com/Oracle.html

• How to configure security policies like account locking, account expiry in portal application?

  Hi All,
  Can anybody pls tell me how to configure security policies like account locking,
  account expiry in portal application? By default, it has a 30 minutes lock period
  after 5 retries. But if I want to set other values or want to unlock account of
  a user, then what to do ?
  TIA,
  Sudarson

  I have read the SSO admin guide, and performed the steps for enabling SSL on the SSO, and followed the steps to configure mod_osso with virtual host on port 4443 as mentioned in the admin guide.
  The case now is that when I call my form (which is developed by forms developer suite 10g and deployed on the forms server which is SSO enabled) , it calls the SSO module on port 7777 using http (the default behaviour).
  on a URL that looks like this :
  http://myhostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
  and gives the error :
  ( Forbidden
  You don't have permisission to access /sso/auth on this server at port 7777)
  when I manually change the URL to :
  https://myhostname:4443/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
  the SSO works correctly.
  The question is :
  How can I change this default behaviour and make it call SSO on port 4443 using https instead ?
  Any ideas ?
  Thanks in advance

• How do I migrate my Acrobat X security policies to Acrobat XI? (I'm on a mac)

  I currently have both Acrobat X and XI installed on my Mac OS 10.7.5. All of my security policies, Actions, and other preferences are on X, and I don't know how to move them over to XI. I have a lot of security policies I can't afford to discard. Is there a way to migrate the policies, and hopefully also the Actions/Scripts I made in X? If so, how would I do that?

  Look in the following location for the file "security-policy.acrodata":
  /Users/[USERNAME]/Library/Application Support/Adobe/Acrobat/10.0/Security/
  Copy it to the location:
  /Users/[USERNAME]/Library/Application Support/Adobe/Acrobat/11.0/Security/

• How do I setup security policies without Adobe LiveCycle Rights Management?

  Hi Guys,
  First of all I  want to excuse for my english language skills . We have about 30 Users which are using Adobe Acrobat XI Standard. Our management board defined security policies for PDF files. We exported the security policies  (Edit -> Preferences -> Security -> Security Settings -> Export). Then we got a file with the extension 'acrobatsecuritysettings'. Next we moved that file to a folder which everybody has read permissions. We ticked at a test computer "load security settings from a server" and type in the path to the file in this way:
  smb://server/share/filename.acrobatsecuritysettings
  I guess the syntax is correct but there are no security policies at 'Tools -> Protection -> Encrypt -> Manage Security Policies'. Any ideas?
  I am very thankful for each reply.

  Interesting. Adobe obviously feel that smb is a URL - sorry, no idea what form their URL would take. You could double check that it is accessible with no username or password (i.e. guest access) since you have put no credentials in the URL.
  For the intranet (htp) server - you could put it anywhere within the files making up the site. For instance you could create a folder private inside the web root, and put the file in there. You can type the URL in a browser to make sure it serves the credential file.

• Migrating ADF Security Policies to Active Directory

  Hi,
  Curently I'm searching whether it is possible to migrate ADF security policies created during development to a weblogic production environment with Active directory as the identity store.
  Whilst I did find documentation relating to standalone WLS, yet no documentation seem to be available for migrating ADF policies to an Active directory. Does anyone has links to documentation that guide throguh this security policy migration.
  Thanks.

  Hi,
  Curently I'm searching whether it is possible to migrate ADF security policies created during development to a weblogic production environment with Active directory as the identity store.
  Whilst I did find documentation relating to standalone WLS, yet no documentation seem to be available for migrating ADF policies to an Active directory. Does anyone has links to documentation that guide throguh this security policy migration.
  Thanks.

• Java plugin crashes when creating a new sun.security.pkcs11.SunPKCS11 object

  Hi,
  I have created an applet which signs pdf files and works fine.
  Applet is used in a website that needs client authentication with the same smart card wich is used to sign the documents.
  The java plugin crashes at this line of code. The message showed - The java applet plugin has failed
  sunpkcs11 = new sun.security.pkcs11.SunPKCS11(pkcs11);
  I think it crashes because the pkcs11 module is still used, the light of the smart card reader is not blinking is a fixed light.
  I haven't got an error log because the java plugin crashes. Only shows the log lines before that line of code.
  Later the sunpkcs11 provider is added if the smarcard is unplugged and java plugin don't crashes.
  Security.addProvider(sunpkcs11);
  If I unplug the smart card after client authentication and before sign a document, the java plugin don't crashes and later, the provider is added, and the document is signed and the light of the smart card reader is blinking before signing.
  Firefox 27 version.
  Java Standar Edition version 7 update 51 compilation 1.7.0_51-b13
  I'm using mac os x v10.9 64 bits system
  I have seen:
  http://bugs.java.com/view_bug.do?bug_id=8026833
  I have tested the same applet with firefox, in windows 7, windows 8, ubuntu 13.10 and fedora 19, and works and signs documents after client authentication.
  when applet is loaded in windows is not using pkcs11. But I haven't got the same problem.
  But in mac os x v10.8 and v10.9 java plugin crashes.
  Is there a way to disconnect programatically the pkcs11 module or any other solution?
  I'm not sure why the java plugin crashes. Has got any relationship with the bug 8026833?
  Any suggestion?.
  Thank you.

  Hi,
  According to your post, my understanding is that you had Errors TF30162 and TF250025 when creating a New Team Project in TFS2012 with Sharepoint Site on Visual Studio.
  The Errors TF30162 seemed that the reports for TFS could not be uploaded due a permission problem. The fix was really easy.
  Go to your team foundation server 
  Open the administration console. 
  Click on Reporting
  Click on Edit
  Click on Reports Tab
  Enter the credential for the Reports
  Save
  Click on Start Jobs
  In addtion, the problem may be due to the caching done by Team Explorer in Visual Studio. Exiting the copy of VS on the client and reloading it will fix the problem as the updated team process settings will cached locally.
  To resolve the Errors TF250025, you will need to register a new internal URL for the SharePoint site using Alternate Access Mappings.
  Here are two great blogs for you to take a look at:
  http://blogbaris.blogspot.in/2012_08_01_archive.html
  http://petersullivan.com.au/2009/11/23/tf250025-and-tf262600-errors-on-team-foundation-server-tfs-2010-project-portal-dashboard/
  If still no help, for quick and accurate answers to your questions, it is recommended that you initial a new thread in Visual Studio Team Foundation Server forums.
  Team Foundation Server – General:
  http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=tfsgeneral
  Thank you for your understanding.
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• Hyperion CSS (Common Security Services) - Anyone?

  Is anyone using Common Security Services as an External Authentication module with Essbase? I am looking for some information on how the XML page is setup and details on the other side of the authentication (not just the Essbase side). I would also like to know if anyone has used Siteminder as an external authenticator.

  Yes I have used the CSS auth on Essbase. Please contact me on this. Also I would like to have details on what version of Essbase you are using etc. ThanksAnde