No switch to HTTPS occurred, so it is not secure to send a password

Similar Messages

• No switch to HTTPS occurred in Web Dynpro ABAP application

  We are building a Web Dynpro ABAP application and when I logon I get:
  No switch to HTTPS occurred, so it is not secure to send a password
  I want to suppress this message but I can only find a parameter that works for BSP applications (You can suppress the message using the property BspDontShowHttpsWarning. Goto SICF and locate your service, open node and choose tab error pages. At redirect URL add '&bspdontshowhttpswarning=X').
  However, for Web dynpro this parameter does not work. Does somebody know if there is a parameter available for web dynpro ABAP applications to suppress this message?
  kind regards
  Angelique Heutinck

  Angeline
  I asume that you are using a "Basic Authentication" method, if this is your case, you should configure the SICF service with the following parametters:
  1) Go to SICF, /yourservice / double click
  2) On the "Logon Data" tab, in the "Procedure" option choose "Alternative Logon Procedure".
  3) On the same tab, at the "Logon procedure option", delete the SSO option, and change the Number of the another methods, raised the "Basic Authentication" to the first place.
  4) Go to Error pages tab, flag "System logon", and after that click over Configuration, here check "Do no display warnings"
  Hope this help you !

• JSF / Switch between HTTP and HTTPS

  Hello!
  I want to switch between HTTP and HTTPS using JSF.
  Under Apache Struts framework I can use struts extension "sslext.jar" to configure switching between http and https in one web application.
  e.g. Login-jsp should be secured, all other jsp's should run unsecured.
  Any ideas?
  regards
  Harald.

  Thanks,
  I made the necessary enhancement for the second phase, password confirmation required when return to SSL zone after leaving it after a succesful login.
  I did the following:
  1) create a class in the application scope and/or singleton class with the servlet paths that require SSL
  2) create a plugin that reads ActionConfigs from the ModuleConfig
  3) create a filter that sets a request scope flag that says that password must re-entered.
  Code Extracts:
  1) MainshopContainer application level parameter singleton class:
  private static HashMap sslZoneMap = new HashMap(50); // key = servlet path of request, example /login.do
  public boolean isInSSLZone(String servletPath)
  return this.sslZoneMap.containsKey(servletPath);
  public void addToSSLZone(String servletPath)
  this.sslZoneMap.put(servletPath,null);
  public int getNumberOfActionsInSSLZone()
  return this.sslZoneMap.size();
  2) Struts plugin
  add a call to loadSSLZoneMap in plugin init method:
  loadSSLZoneMap(config, mainshopContainer);
  private void loadSSLZoneMap(ModuleConfig config, MainshopContainer mainshopContainer)
  throws ServletException
  try {       
  ActionConfig[] actionConfigs = config.findActionConfigs();
  for (int i = 0; i < actionConfigs.length; i++)
  if (actionConfigs.getParameter().indexOf("/jsp/account/") < 0) // /account/* = URL path for SSL zone
  // not found = not ssl zone
  System.out.println("loadSSLZoneMap, following actionConfigs excluded from SSL Zone: "+actionConfigs[i].getPath());
  else
  // found = ssl zone
  String servletPath = actionConfigs[i].getPath()+".do";
  mainshopContainer.addToSSLZone(servletPath);
  System.out.println("loadSSLZoneMap, following servletPath added to SSL Zone: "+servletPath);
  System.out.println("loadSSLZoneMap, number of actions in SSL Zone: "+mainshopContainer.getNumberOfActionsInSSLZone());
  catch (Exception ex)
  ex.printStackTrace();
  throw new ServletException("Exception caught in loadSSLZoneMap: "+ex.toString()+" Initialization aborted.",ex);
  3)
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
  throws IOException, ServletException {
  HttpServletRequest req = (HttpServletRequest) request;
  HttpServletResponse res = (HttpServletResponse) response;
  String servletPath = req.getServletPath();
  boolean secure= this.mainshopContainer.isInSSLZone(servletPath);
  The wole picture:
  The filter adds a RequestDTO object that includes all request parameters, one of them is the secure flag.
  I have a session scope class UserContainer that includes all the session parameters, one of them is the lastRequestDTO.(last made request)
  At the end of all my jsp's I set the lastRequestDTO variable.
  In that method I set the passwordConfirmationRequired flag if needed:
  public void setLastRequestDTO(RequestDTO _lastRequestDTO)
  if (this.lastRequestDTO != null && this.lastRequestDTO.isSecure() != _lastRequestDTO.isSecure())
  this.setPasswordConfirmationRequired(true);
  this.lastRequestDTO = _lastRequestDTO;
  I read the passwordConfirmationRequired in all my jsp's in the SSL zone that allow editing or deleting and if that flag is true, a valid password must be re-entered in order to make the updates.
  When the password is OK I reset the passwordConfirmationRequired to false.
  I need some help for the first phase, that is SSL setup for all actions related to jsp's with url path /account/*
  I tought I could define it in the web.xml:
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>All Account Related Pages</web-resource-name>
  <url-pattern>/account/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  but that doesn't work and finnaly understood why:
  Example: /WEB-INF/jsp/account/login.jsp corresponds to /login.do
  The url pattern /account/* at the container level is never encountered.
  Is it allowed to declare the following action path: /account/login instead of /login?
  If yes I could add following prefix /account to all my action paths and forward paths and this could resolve my problem.
  What's your opinion?
  If no, would your library resolve this?
  Will all the Struts/JSP/JSTL url generating tags pick-up the required protocol (http/https) according to your configuration file?
  Regards
  Fred

• Switching from HTTP to HTTPS - adverse side effects???

  Hi everybody,
  what are the possible adverse side effects when changing from HTTP to HTTPS? 
  I could imagine that previously saved web bookmarks would not work, correct?
  Links saved in roles will have to be adjusted in roles, correct?
  Anything else?
  Does anybody have knowledge/experience in this area and how do you recommend to proceed when switching a productive system from HTTP to HTTPS?
  Martin

  The web bookmarks stored on IE browser will still point to the HTTP service, not HTTPS, you will have to make the changes manually.
  The URLS for BW Reports are generated dynamically, you should be able to maintain an entry in table HTTPURLLOC and get this switched to HTTPS. see OSS note 805344 for the same.
  Thanks.

• URL redirect - how to switch from https to http

  Hi, all.
  We have some requirement that the portal session be switched to https on some iviews while the rest of the contents are in http. I am thinking of using url redirect on the web dispatcher.
  What I found is that the url redirect from http to https works great. Now if I want to switch back to http, the redirect doesn't work. Note that the http port is 80 and https port is 443 on the web dispatcher. To test, here is the parameter I did to switch from http to https. This works and transforms the url from http://ozonehomeep3.xxxxxxxxx/irj/portal/zsap_xxxxx to https://ozonehomeep3.xxxxxxxxx/irj/portal/zsap_xxxxxxxxxxxx
  icm/HTTP/redirect_0 = PREFIX=/, FROM=/irj/portal/zsap_, FOR=ozonehomeep3, FROMPROT=http, PROT=https, HOST=ozonehomeep3.XXXXXX
  If I flip it back the other way:
  icm/HTTP/redirect_0 = PREFIX=/, FROM=/irj/portal/zsap_, FOR=ozonehomeep3, FROMPROT=https, PROT=http, HOST=ozonehomeep3.XXXXXX
  When I connect using the url https://ozonehomeep3.xxxxxxxxx/irj/portal/zsap_xxxxxxxxxxxx, it ignores the parameter and the redirect to http did not happen.
  What is wrong?
  Thanks,
  Jonathan.

  Hello,
  I've had a similar problem for one of my customers.
  I've tried to do it on a root level, just Https://FQDN:port_https/ to http://FQDN:Port_http/
  I've used this parameter to solve it:
  icm/HTTP/redirect_0 = PREFIX=/, FOR=FQDN, FROMPROT=HTTPS, HOST=FQDN, PORT=80, PROT=http
  maby you should try:
  icm/HTTP/redirect_0 = PREFIX=/, FROM=/irj/portal/zsap_, FOR=FQDN, FROMPROT=HTTPS, HOST=FQDN, PORT=80, PROT=http, TO=/irj/portal/zsap_
  You should also verify that the standard http port (80) are open in the firewall from the outside, just take a telnet session to FQDN and port 80
  to quickly determined if the firewall policy are right.
  Good luck!
  Kind Regards
  Håvard Fjukstad.

• Switching between https and http requests

  Hi,
  Our application is built using ADF 10.1.3
  This application need to be integrated with an in house built single sign on system. ( SSO system is built in C# and .NET)
  This single sign on system only understand https request. Once user is validated against single sign on system, our application's authorization page is called in HTTPS mode. Once the user is authorized, he is forwarded to home page. While forwarding to home page, we want to convert the HTTPS request to HTTP.
  Currently once the user is authenticated, all requests are happening in HTTPS mode.
  We do not know how to make http request from existing https requested page.
  Any help is appreciated.
  Thanks
  Ranajit

  Hi,
  the way to do this is by redirecting the call from a PhaseListener or command button. The solution Avrom refers to is a PhaseListener that uses XML configuration file to determine whether or not the page you are navigating to requires https or http. The code that handles the protocol switch is printed below
    * Determines if the requested page requires SSL and if the current protocol
    * meets this need. If not the protocol is switched between http and https
    * @param viewId
    * @param pageRequiresSSL
    public void handleProtocolSwitch(String viewId, boolean pageRequiresSSL)
      ExternalContext exctx = FacesContext.getCurrentInstance().getExternalContext();
      boolean isSecureSSLChannel = ((HttpServletRequest)exctx.getRequest()).isSecure();
      // pages that require SSL and SSL is on, or pages that don't require
      // SSL but SSL is on and should be kept
      if (pageRequiresSSL && isSecureSSLChannel || !pageRequiresSSL && isSecureSSLChannel && isKeepSSLMode) {
      printDebugMessage("Page requires SSL = "+pageRequiresSSL+", channel is secure = "+isSecureSSLChannel+", is keep SSL = "+isKeepSSLMode);
      printDebugMessage("No protocol change required");
      // page requires SSL and SSL is not active. Switch to SSL.
      if (pageRequiresSSL && !isSecureSSLChannel) {
        printDebugMessage("Page requires SSL = "+pageRequiresSSL+", channel is secure = "+isSecureSSLChannel);
        printDebugMessage("Protocol change required to use https");
        switchToHttps(viewId);
      // switch to HTTP is page doesn't require SSL and channel isn't secure
      // and isKeepSSLMode is false
      if (!pageRequiresSSL && !isKeepSSLMode && isSecureSSLChannel) {
        printDebugMessage("Page requires SSL = "+pageRequiresSSL+", channel is secure = "+isSecureSSLChannel+", is keep SSL = "+isKeepSSLMode);
        printDebugMessage("Protocol change required to use http");
        switchToHttp(viewId);
      if (!pageRequiresSSL && !isSecureSSLChannel) {
        printDebugMessage("Page requires SSL = "+pageRequiresSSL+", channel is secure = "+isSecureSSLChannel);
        printDebugMessage("No protocol change required");
    * Switches from https to http using a redirect call
    * @param viewId
    private void switchToHttp(String viewId) {
        FacesContext facesContext = FacesContext.getCurrentInstance();
        ExternalContext exctx = facesContext.getExternalContext();
        ViewHandler vh = facesContext.getApplication().getViewHandler();
        String pageURI = vh.getActionURL(FacesContext.getCurrentInstance(), viewId);
        //redirect to http URL
        String remoteHost = getHostNameFromRequest();
        printDebugMessage("Switch to http on host "+ remoteHost);
        try {
            String port = httpPort.equalsIgnoreCase("80") ? "" : ":" + httpPort;
            String url = "http://" + remoteHost + port + pageURI;
            printDebugMessage("Redirecting to http URL "+ url); 
            //TODO check request Map
             this.printDebugMessage(" Content size of RequestMap before redirect "+exctx.getRequestMap().size());
            exctx.redirect(url);         
        } catch (IOException e) {
            printDebugMessage("Redirect to http port failed "+ e.getMessage());
    * switches to https using a redirect call
    * @param viewId
    private void switchToHttps(String viewId) {
        FacesContext facesContext = FacesContext.getCurrentInstance();
        ExternalContext exctx = facesContext.getExternalContext();
        ViewHandler vh = facesContext.getApplication().getViewHandler();
        String pageURI = vh.getActionURL(FacesContext.getCurrentInstance(), viewId);
        //redirect to https URL
        String remoteHost = getHostNameFromRequest();
        printDebugMessage("Switch to SLL/https on host "+ remoteHost);
        try {
            String port = httpsPort.equalsIgnoreCase("443") ? "" : ":" + httpsPort;
            String url = "https://" + remoteHost + port + pageURI;
            printDebugMessage("Redirecting to https URL "+ url);       
            //TODO check request Map
            this.printDebugMessage(" Content of RequestMap before redirect "+exctx.getRequestMap().size());
            exctx.redirect(url);         
        } catch (Exception e) {
            printDebugMessage("Redirect to http port failed "+ e.getMessage());
    * @return the hostname of the page request
    private String getHostNameFromRequest() {
        ExternalContext exctx = FacesContext.getCurrentInstance().getExternalContext();
        String requestUrlString = ((HttpServletRequest)exctx.getRequest()).getRequestURL().toString();
        URL requestUrl = null;
        try {
            requestUrl = new URL(requestUrlString);
        } catch (MalformedURLException e) {
            e.printStackTrace();
        String remoteHost = requestUrl.getHost();
        return remoteHost;
    }If your container doesn't support session sharing between http and https then the session is renewed. In OC4J you will have to configure this.
  Frank

• Problem when switching from https to http on Safari

  I am using a Safari browser and try to switch from https to http within the same web application.
  The Safari browser is configured so that on Safari->Preferences->Security the check box "Ask before sending a non-secure form to a secure website" is checked.
  When using the Safari browser in my web application and going from an https page to an http page, the browser shows an (expected) dialog box asking the user whether he wants to send a non secure form. Clicking Ok (twice) causes the following problematic dialog box to appear :
  Safari can't open the specified address;
  Safari can't open "(null)" because Mac OS X doesn't
  recognise Internet addresses starting with "(null)"
  How can I avoid this problem without having to uncheck the above mentioned check box in Safari->Preferences->security.

  I have somehow a similar problem,too. My site is in https upon login which maintains some session data. One of the features of my site is the file upload (servlet) which does some batch processing. Since my https session terminates(timeout)upon uploading, I resorted to switching the link to an http session using
  File Upload
  When I do "session.getAttribute('data')" in my servlet after being called by the "upload.jsp", a NullPointerException is thrown at that particular line.
  My question:
  1. Upon uploading of file/data via https, is there a maximum bytes that it can only process? My file is just less than 1MB and it terminates the session. How do I go about it? Should I switch it then to an http?
  2. If I switch from https to an http session, SSL session data can not be retrieved from an http session?
  Thanks!

• Issues switching to HTTPS

  Hi all.
  I followed Scott Spadafore's advice on forcing a specific page to HTTPS:
  Re: HTTPS and LOGIN
  I'm getting redirected to the right protocol, but the wrong port. The problem seems to be here:
  htp.p('Location: http://'||
  owa_util.get_cgi_env('HTTP_HOST')||
  owa_util.get_cgi_env('SCRIPT_NAME') ||
  owa_util.get_cgi_env('PATH_INFO')||'?'||
  owa_util.get_cgi_env('QUERY_STRING'));
  HTTP_HOST returns "host.mcg.edu:7779" in non-SSL mode, and "host.mcg.edu:4443" in SSL mode. HTTP_HOST contains the port of the protocol I'm switching from, so for example when switching to HTTP, I get:
  http://host.mcg.edu:4443/pls/htmldb... <-- SSL port
  If I use the SERVER_NAME CGI variable (host.mcg.edu) and then hardcode the http or https port number, it works. Not very portable, though, as our production environment uses default ports (80 and 443).
  What am I doing wrong?
  Thanks for your insight.
  -John

  John,
  you could also use mod_rewrite to configure this stuff directly in your Apache (Oracle Http Server powered by Apache :).
  http://blog.murf.org/?p=24
  This way you would have the configuration in a single place.
  ~Dietmar.

• Switch to HTTPS

  Hello,
  I am trying to submit a paragraph of code which has been working on other computers. On my system, I receive the error:
  E_COSMOS_GENERIC: Could not get stream info for http://cosmos08.osdinfra.net:88/cosmos/bingads.business.fastjobs/shares/adCenter.BICore.SubjectArea/SubjectArea/resources/PROD/MonetizationFacts.view
  [HttpStatusCode = Forbidden; ErrorCode = 0x80004005(The operation failed); Description = HTTP(http://cosmos08.osdinfra.net:88/cosmos/bingads.business.fastjobs/shares/adCenter.BICore.SubjectArea/SubjectArea/resources/PROD/MonetizationFacts.view?view=xml&property=info)
  is not allowed. Please switch to HTTPS instead. For more detailed instruction, please check (https://microsoft.sharepoint.com/teams/Cosmos/Documents/SecurityAndCompliance/Security%20Updates%20to%20VcClient.docx).
  Essentially it seems that Visual Studio is telling me that this location is not within communication, because I have to switch to HTTPS. However, because I don't explicitly reference this location in my code, I deduce that it is embedded somewhere in my
  system. Does anybody know how to make the switch from HTTP to HTTPS within the Visual Studio system?
  Thanks,
  Rohit

  Hi Rohit,
  From your description, could you please tell me how you submit a paragraph of code which has been working on other computers and then get the error message?
  If possible, I suggest you can provide me the detail steps or screen shot about how to submit a paragraph of code which has been working on other computers.
  What application you are developing?
  To further help you support this issue, please tell me more information about your issue.
  Thanks for your understanding.
  Best Regards,
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Would it be possible that saved passwords would work on both http and https version of the same site as some pages are switching from http to https?

  Some sites are switching from http to https protocols and some sites run both. This creates some duality when you have saved passwords. You either save passwords for both versions of the site. And if you visit the https version for the first time you just have to go and look up the password as (personally) I don't remember all of my passwords.
  Would it be possible that unless there are different passwords for different version of the site that firefox would use the one that it has already saved?

  You will have to save the password again in case the submit URL and possibly other parameters change.
  You can try this extension:
  * Saved Password Editor: https://addons.mozilla.org/firefox/addon/saved-password-editor/

• My wife recently switched from an iPhone to a Samsung and she can send text messages but she can't receive texts or emails. Any suggestions?

  My wife recently switched from an iPhone to a Samsung and she can send texts but she can't receive them nor receive emails. Her iPhone has had her info removed and the settings have all been set to default. What else does she need to do to correct this?

  In particular the last link is for you
  iMesssage to old phone
  If you move to another phone and forget to turn off iMessage then read “if you no longer have the device in http://support.apple.com/kb/HT5661  If you still cannot resolve it call Apple http://support.apple.com/kb/HE57
  To deactivate iMessage http://support.apple.com/kb/ts5185
  Read http://m.samsung.com/us/support/SupportOwnersFAQPopup.do?faq_id=FAQ00053450&fm_s eq=62995

• An XSD Exception occurred. The kind 'Note' does not exist in the CMS. (FWM

  Hi,
  I am trying to get the Know Rights for a report object without any success. Everytime my code hits this method it throws an exception
  An XSD Exception occurred. The kind 'Note' does not exist in the CMS. (FWM 04030) (WBP 42029)
  I am stuck with this problem for past two days and am not able to figure out any solution
  Can anyone please help me in this issue?
  Public Function GetObjectRights(ByVal CUID As String) As RightInfo()
          Try
              Dim m_BiPlatform As BusinessObjects.DSWS.BIPlatform.BIPlatform
              Dim urls() As String = _Session.GetAssociatedServicesURL("BIPlatform")
              m_BiPlatform = BusinessObjects.DSWS.BIPlatform.BIPlatform.GetInstance(_Session, urls(0))
              Dim _RightInfo() As RightInfo = m_BiPlatform.GetKnownRights(CUID)
              Return _RightInfo
          Catch ex As DSWSException
          End Try
      End Function
  Thanks,

  Hmm... I can't think of anything else that could be causing the problem.
  I don't know of any way to exclude the 'note' right since GetKnownRights() returns all known rights (RightInfo) for the type of object passed into the method.
  A suggestion might be to try getting the knownRights using the BOE .NET SDK (not web services) to see if the same error occurs.  There is some simple sample code that you can use as a test in the [BOE .NET SDK developers guide|http://help.sap.com/businessobject/product_guides/boexir31/en/boesdk_net_dg_12_en.chm].
  If this fails as well, then I can only assume that there is some problem with your install of Enterprise as I have tried many ways to reproduce the error you are getting, but cannot.

• HTTP Error 404 :File does not exist

  Hi all,
  On Test instance we are not able to open the help file,it give an error
  HTTP Error 404 :File does not exist
  can anybody have solution for this
  it's very urgent
  Thanks
  shekhar

  I have changed the note server definition in the external app to add the mail directory in front of the mail file name 'mail/mufile.nfs' and I get the following error:
  05/04/21 15:15:07 lotusnotes: [instance=(null), id=97176201941,7] ERROR: LotusServiceSession: getConfigProperties(): An error occured
  while reading/ retrieving the properties from the the configuration file.
  05/04/21 15:15:07 lotusnotes: [instance=(null), id=97176201941,7] ERROR: Unhandled exception in SOAP call
  oracle.portal.provider.v2.ProviderException: LotusServiceSession: getConfigProperties(): An error occured while reading/ retrieving the
  properties from the the configuration file.

• HT3743 my iphone 4 i bought was jailbroken to ios 6.0.1 redsn0w but i tried to restore the iphone and now it keeps saying connect to itunes but when i connect and try to restore an "unknown error" occurs and it will not boot up whatsoever. please help!

  my iphone 4 i bought was jailbroken to ios 6.0.1 redsn0w but i tried to restore the iphone and now it keeps saying connect to itunes but when i connect and try to restore an "unknown error" occurs and it will not boot up whatsoever. please help!

  If you want to solve your problems, unjailbreak. And don't do it again, because jailbreaking causes problems as you read about in that article. You can try Recovery Mode: http://support.apple.com/kb/HT1808

• Help!!! My macbook pro is not charging. Flat wont switch on green light on charger but not charging. What can I do???

  Hi my macbook pro will not switch on, charger is green led light not orange. It will not charge back up been switched on all day and still nothing. What can I do???

  Perform a SMC reset
  https://support.apple.com/kb/HT3964
  Power
  The battery does not appear to be charging properly.
  The MagSafe power adaptor LED doesn't appear to indicate the correct activity.
  Also see this
  https://support.apple.com/kb/TS1713