Not able to decide on : Mission Configurable Authorization

Hello,
I post here after begging people to please understand my problem first. This is what I need to achieve:
It is about dynamic authorization.
My application will have an admin page where the admin will be able to give access rights to users for certain actions on certain pages. These could be any permutation and combination.
I need to be able to authorize them based on this condition.
For example:
If it were a mechanic application.
The admin will be able to authorize MechA to perform "Add, Delete" actions on garage A, but only VIEW rights on garage B.
Similarly, MechB to be able to only "ADD" in garage A, but ADD, DELETE in garage B. Again, the number of garages can be many. The admin will be able to add a garage and delete a garage.
(Of course, based on the current access rights they have, the JSP will display those current access rights.)
I have pored over Google search and forums and security frameworks to decide on an approach for this.
I initially had thought that I would have a table with two columns, USER and PERMISSIONS,
where users would be the users and permissions would be URLs. Ex.:
mechA | garageA/add.jsp
mechA | garageA/delete.jsp
mechA | garageb/view.jsp
However, this premature understanding will not work for obvious reasons (if I need to update or delete the URL for the user, I am screwing up everything).
Now I am thinking of an XML-based authorization, where the parent node will be the user name and its child nodes will be the URLs he has access to. Though I have not worked on this, I know this will be of no use, because my application will have the capability to switch between a DB and LDAP. I have very little knowledge of LDAP though.
No security framework is going to be of help (I have looked extensively through JAAS and Acegi),
because they function majorly on ROLES. In my case I have no ROLES at all :-(
I have been pulling my hair out trying for a solution for this kind of configurable scenario, where the user base could be on a DB and on LDAP.
Any ideas/help/pointers towards an approach would be highly appreciated.
Thanks in advance for your time.

> If you don't have roles now, rethink your design.
> What if another mechanic comes in as a replacement
> for an existing mechanic who left or goes on holiday?
> Do you really want to have to assign all permissions
> to the new mechanic again? No, you want to be able to
> say: this new mechanic has the same role(s) as the
> original mechanic and be done with it. Or what if a
> mechanic gets promoted? Instead of having to add and
> remove all the accompanying permissions, just set or
> add the new roles.

Well, there will also be Groups, to which the mechanics can be assigned, but it is not a necessity for them to be under a group.
A mechanic can be an individual with individual rights, or can be part of a group which has certain permissions. In my case, everything needs to be highly configurable. Creating a single user (with specific permissions) or creating the group (with specific permissions) and then assigning mechanics to the group will really be the admin's choice, who will set the users up.

> If you really, really, really can't think of any roles
> that make sense, you can pretend each mechanic
> defines his own special role (the role is the same as
> the mechanic) and still use those frameworks.

Hmmm... I have typically assigned URLs with wildcard chars, like /admin/*.* with the ROLE_ADMIN thing.
In this case, I will probably have to have many relative URLs mapped to a singular ROLE. However, how I can change/update these URLs based on the admin's input still remains a mystery to me.
Any other suggestions?
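
An added example, not part of the thread and not taken from JAAS or Acegi: one way to model what the posts above describe is to store grants as (principal, resource, action) rows instead of URLs, treating users and optional groups alike as principals, and to map a request URL to a (resource, action) pair in a single place. All class and method names are hypothetical, the URL layout /<garage>/<action>.jsp is assumed from the sample rows in the first post, and the in-memory maps stand in for the DB or LDAP store.

```java
import java.util.*;

// Added illustration; every class and method name here is hypothetical.
public class GrantStoreDemo {

    enum Action { VIEW, ADD, DELETE }

    // In-memory stand-in for a GRANTS(principal, resource, action) table or an
    // LDAP subtree. Principals are keyed "user:<name>" or "group:<name>".
    static class GrantStore {
        private final Map<String, Map<String, EnumSet<Action>>> grants = new HashMap<>();
        private final Map<String, Set<String>> groupsOfUser = new HashMap<>();

        void grant(String principal, String resource, Action... actions) {
            grants.computeIfAbsent(principal, k -> new HashMap<>())
                  .computeIfAbsent(resource, k -> EnumSet.noneOf(Action.class))
                  .addAll(Arrays.asList(actions));
        }

        void revoke(String principal, String resource, Action action) {
            Map<String, EnumSet<Action>> byResource = grants.get(principal);
            if (byResource != null && byResource.containsKey(resource)) {
                byResource.get(resource).remove(action);
            }
        }

        // Deleting a garage drops every grant on it, so no stale rights remain.
        void deleteResource(String resource) {
            for (Map<String, EnumSet<Action>> byResource : grants.values()) {
                byResource.remove(resource);
            }
        }

        void addToGroup(String user, String group) {
            groupsOfUser.computeIfAbsent(user, k -> new HashSet<>()).add(group);
        }

        // Union of the user's own grants and those of every group the user is in.
        // A JSP can render this set as the user's current access rights.
        EnumSet<Action> effective(String user, String resource) {
            EnumSet<Action> result = EnumSet.noneOf(Action.class);
            List<String> principals = new ArrayList<>();
            principals.add("user:" + user);
            for (String g : groupsOfUser.getOrDefault(user, Collections.emptySet())) {
                principals.add("group:" + g);
            }
            for (String p : principals) {
                Map<String, EnumSet<Action>> byResource = grants.get(p);
                if (byResource != null && byResource.containsKey(resource)) {
                    result.addAll(byResource.get(resource));
                }
            }
            return result;
        }

        // Default deny: no matching grant means no access.
        boolean isAllowed(String user, String resource, Action action) {
            return effective(user, resource).contains(action);
        }
    }

    // The only place URLs appear: "/garageA/add.jsp" becomes ("garageA", ADD).
    // Anything that does not fit the assumed layout is denied.
    static boolean isRequestAllowed(GrantStore store, String user, String path) {
        String[] parts = path.replaceFirst("^/", "").split("/");
        if (parts.length != 2 || !parts[1].endsWith(".jsp")) {
            return false;
        }
        String name = parts[1].substring(0, parts[1].length() - ".jsp".length());
        try {
            Action action = Action.valueOf(name.toUpperCase(Locale.ROOT));
            return store.isAllowed(user, parts[0], action);
        } catch (IllegalArgumentException unknownAction) {
            return false;
        }
    }

    public static void main(String[] args) {
        GrantStore store = new GrantStore();
        // Grants from the first post's example.
        store.grant("user:mechA", "garageA", Action.ADD, Action.DELETE);
        store.grant("user:mechA", "garageB", Action.VIEW);
        store.grant("user:mechB", "garageA", Action.ADD);
        store.grant("user:mechB", "garageB", Action.ADD, Action.DELETE);
        // Constructed for illustration: a group grant and a member with no own grants.
        store.grant("group:apprentices", "garageA", Action.VIEW);
        store.addToGroup("mechC", "apprentices");

        System.out.println("mechA delete garageA: " + isRequestAllowed(store, "mechA", "/garageA/delete.jsp"));
        System.out.println("mechA delete garageB: " + isRequestAllowed(store, "mechA", "/garageB/delete.jsp"));
        System.out.println("mechC rights garageA: " + store.effective("mechC", "garageA"));

        // Admin changes at runtime touch only grant rows, never URL mappings.
        store.revoke("user:mechA", "garageA", Action.DELETE);
        System.out.println("mechA delete garageA after revoke: " + isRequestAllowed(store, "mechA", "/garageA/delete.jsp"));
        store.deleteResource("garageB");
        System.out.println("mechB rights garageB after garage removal: " + store.effective("mechB", "garageB"));
    }
}
```

The same check could be called from a servlet filter in front of the JSPs, with only the `GrantStore` implementation swapped when the backing store changes.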

Similar Messages

  • Not able to get the standard configuration settings in GTS system

    Hi All
    We are not able to get any GTS-related standard configuration settings in the feeder & GTS clients (installed in one system).
    We have installed SLL-LEG 720 Plug-in for SAP ECC 6.0 (SAP_AP - Release 700- Level 0012)
    Thanks
    Ram

    Hi Ram ,
    You can follow the given steps to get the standard configuration of SAP:
    Choose a transaction in the customizing (Define Partner Function)
    Go to the menu Utilities – Adjustment
    Select the RFC connection from client 000
    Select your entries and click on Adjust
    Select COPY ALL button
    Click on YES (copy changes)
    Your entry is added in the list
    You need RFC connection to client 000.
    Hope this helps
    Kind Regards,
    Sameer

  • Not able to deploy Integration Library COnfiguration for ORM

    I'm trying to install OIM-ORM integration library 10.1.4.2.
    I'm following the integration guide and trying to perform the steps in
    section 5 Configuring Oracle Role Manager > 5.1 Deploying the Integration Library Configuration.
    But getting following error and getting stuck :(
    Jul 20, 2009 4:58:29 PM oracle.iam.rm.bizlogic.impl.BusinessLogicCDM validate
    INFO: [bizLogicCDM] validate complete. Validation error count = 2
    Jul 20, 2009 4:58:29 PM oracle.iam.rm.authentication.impl.AuthenticationCDM validate
    INFO: [autheCDM] validate complete. Validation error count = 2
    Jul 20, 2009 4:58:29 PM oracle.iam.rm.deployment.DefaultStatusMonitor onProgress
    INFO: Deployment 26% complete.
    Jul 20, 2009 4:58:29 PM oracle.iam.rm.event.impl.IncomingEventCDM validate
    INFO: [incomingEventCDM] validate complete. Validation error count = 2
    Jul 20, 2009 4:58:29 PM oracle.iam.rm.deployment.DefaultStatusMonitor onProgress
    INFO: Deployment 27% complete.
    Jul 20, 2009 4:58:29 PM oracle.iam.rm.deployment.DefaultStatusMonitor onProgress
    INFO: Deployment 28% complete.
    Jul 20, 2009 4:58:29 PM oracle.iam.rm.deployment.DefaultStatusMonitor onProgress
    INFO: Deployment 31% complete.
    Jul 20, 2009 4:58:29 PM oracle.iam.rm.deployment.DefaultStatusMonitor onProgress
    INFO: Deployment 35% complete.
    Jul 20, 2009 4:58:29 PM oracle.iam.rm.deployment.DefaultStatusMonitor onFailure
    SEVERE: Deprecated failure management
    Validation failures:
    [
    Subsystem: BusinessLogicCDM Config: bizlogic.oim_integration - Transaction Operation 'reconcileAccessPolicy': Plugin 'reconcile_ITRole' in pack 'oracle.iam.rm.bizlogic.plugin.standard_ext' not found.
    Subsystem: BusinessLogicCDM Config: bizlogic.oim_integration - Transaction Operation 'reconcileUserGroups': Plugin 'reconcile_BusinessRole' in pack 'oracle.iam.rm.bizlogic.plugin.standard_ext' not found.
    ]
    at oracle.iam.rm.deployment.impl.AbstractDeployManager.deploy(AbstractDeployManager.java:390)
    at oracle.iam.rm.deployment.DeploymentTool.deploy(DeploymentTool.java:178)
    at oracle.iam.rm.deployment.DeploymentTool.invoke(DeploymentTool.java:133)
    at oracle.iam.rm.util.cmd.CmdLineApp.invoke(CmdLineApp.java:129)
    at oracle.iam.rm.deployment.DeploymentTool.main(DeploymentTool.java:32)
    Jul 20, 2009 4:58:29 PM org.springframework.context.support.AbstractApplicationContext doClose
    INFO: Closing application context [org.springframework.context.support.GenericApplicationContext;hashCode=18450577]
    Jul 20, 2009 4:58:29 PM org.springframework.beans.factory.support.DefaultSingletonBeanRegistry destroySingletons
    INFO: Destroying singletons in {org.springframework.beans.factory.support.DefaultListableBeanFactory defining beans [deploymentFactory,oracle.iam.rm.deployment.DeploymentManager,oracle.iam.rm.approval.ApprovalCDM,oracle.iam.rm.authentication.AuthenticationCDM,oracle.iam.rm.bizlogic.BusinessLogicCDM,oracle.iam.rm.bootstrap.BootstrapCDM,oracle.iam.rm.cache.CacheCDM,oracle.iam.rm.config.ConfigurationRDM,oracle.iam.rm.event.IncomingEventCDM,oracle.iam.rm.event.OutgoingEventCDM,oracle.iam.rm.i18n.InternationalizationRDM,oracle.iam.rm.i18n.InternationalizationCDM,oracle.iam.rm.loader.LoaderCDM,oracle.iam.rm.plugin.PluginRDM,oracle.iam.rm.temporal.TemporalEngineCDM,oracle.iam.rm.timer.TimerCDM,oracle.iam.rm.hierarchy.HierarchyIndexManagerCDM]; root of BeanFactory hierarchy}
    Deployment Failed: correct the errors or ensure that the server is down, and then re run.
    Please help.
    Thanks,
    Amruta

    I'm doing it manually.
    No customization (I'm doing it the first time).
    As per your error it is showing that
    bizlogic.oim_integration file is not correct. Just open the oim_integration.car file. You'll find 6-7 folders there.
    There will be one file oim_integration.xml in the oracle.iam.rm.bizlogic.def folder. Just check whether the file is correct.
    <business-transaction id="reconcileAccessPolicy" related-object-type="itRole" permission="manage">
    <snapshot-logic-definition plugin-pack-id="oracle.iam.rm.bizlogic.plugin.standard_ext" plugin-id="reconcile_ITRole">
    Is the above information present there or not? If yes, is it correct?
    Yes all this information is present in this file. How do I know if it is correct?
    I'm copying this information here.
    <business-transaction id="reconcileAccessPolicy" related-object-type="itRole" permission="manage">
    <title>Reconcile IT Role</title>
    <audit-event>
    <argument-mappings>
    <input-argument-mapping argument-id="0" input-argument-id="displayName" dereference="false"/>
    <input-argument-mapping argument-id="1" input-argument-id="oimAccessPolicyId" dereference="false"/>
    </argument-mappings>
    <message>
    <i18n:message>IT Role ''{0}'' with OIM Access Policy key {1} was created as a result of integration with OIM.</i18n:message>
    <i18n:arguments>
    <i18n:argument type="string">
    <i18n:description>Name of the IT Role.</i18n:description>
    </i18n:argument>
    </i18n:arguments>
    </message>
    </audit-event>
    <arguments>
    <argument id="oimAccessPolicyId">
    <title>OIM Identifier</title>
    <related-object-type>itRole</related-object-type>
    <related-object-attribute>oimAccessPolicyId</related-object-attribute>
    </argument>
    <argument id="displayName">
    <title>Display Name</title>
    <related-object-type>itRole</related-object-type>
    <related-object-attribute>displayName</related-object-attribute>
    </argument>
    <argument id="entitlements">
    <title>Comma separated values of mapped OIM entitlements Keys</title>
    <t:string>
    <t:length id="csvLength" max-length="2147483647">
    <t:violation-message>Entitlements csv must be a string of valid length.</t:violation-message>
    </t:length>
    </t:string>
    </argument>
    </arguments>
    <snapshot-logic-definition plugin-pack-id="oracle.iam.rm.bizlogic.plugin.standard_ext" plugin-id="reconcile_ITRole">
    <ext config-version="1.0">
    <config>
    <![CDATA[
    <reconcile-entity-with-mappings xmlns="http://xmlns.oracle.com/iam/rm/bizlogic/plugin/standard_ext/1_0" entity-type="itRole" identifying-attribute="oimAccessPolicyId">
    <mappings>
    <mappings-config related-entity-type="itPrivilege" related-entity-source-identifying-attribute="oimEntitlementId" related-entity-identifying-attribute="itPrivilege_id" relationship-entity-type="itRolePrivilegeMapping" identifying-attribute="itRole_id" />
    </mappings>
    <attributes>
    <attribute attribute-id="oimAccessPolicyId" argument-id="oimAccessPolicyId"/>
    <attribute attribute-id="displayName" argument-id="displayName"/>
    <attribute attribute-id="oimEntitlementId" argument-id="entitlements"/>
    </attributes>
    </reconcile-entity-with-mappings> ]]>
    </config>
    </ext>
    </snapshot-logic-definition>
    </business-transaction>
    <business-transaction id="reconcileUserGroups" related-object-type="businessRole" permission="manage">
    <title>Reconcile Business Role</title>
    <audit-event>
    <argument-mappings>
    <input-argument-mapping argument-id="0" input-argument-id="displayName" dereference="false"/>
    <input-argument-mapping argument-id="1" input-argument-id="oimUserGroupId" dereference="false"/>
    </argument-mappings>
    <message>
    <i18n:message> Business Role ''{0}'' with OIM User Group key {1} was created as a result of integration with OIM.</i18n:message>
    <i18n:arguments>
    <i18n:argument type="string">
    <i18n:description>Name of the Business Role.</i18n:description>
    </i18n:argument>
    </i18n:arguments>
    </message>
    </audit-event>
    <arguments>
    <argument id="oimUserGroupId">
    <title>OIM User Group Key</title>
    <related-object-type>businessRole</related-object-type>
    <related-object-attribute>oimUserGroupId</related-object-attribute>
    </argument>
    <argument id="displayName">
    <title>Display Name</title>
    <related-object-type>businessRole</related-object-type>
    <related-object-attribute>displayName</related-object-attribute>
    </argument>
    <argument id="rule">
    <title>Membership Rule of Dynamic Business Role</title>
    <related-object-type>businessRole</related-object-type>
    <related-object-attribute>membershipRule</related-object-attribute>
    </argument>
    <argument id="accessPoliciesMapping">
    <title>Business Role to IT Role Mapping</title>
    <t:string>
    <t:length id="csvLength" max-length="2147483647">
    <t:violation-message>Access policies csv must be a string of valid length.</t:violation-message>
    </t:length>
    </t:string>
    </argument>
    <argument id="members">
    <title>Members of Business Role</title>
    <t:string>
    <t:length id="csvLength" max-length="2147483647">
    <t:violation-message>Members csv must be a string of valid length.</t:violation-message>
    </t:length>
    </t:string>
    </argument>
    </arguments>
    <snapshot-logic-definition plugin-pack-id="oracle.iam.rm.bizlogic.plugin.standard_ext" plugin-id="reconcile_BusinessRole">
    <ext config-version="1.0">
    <config>
    <![CDATA[
    <reconcile-entity-with-mappings xmlns="http://xmlns.oracle.com/iam/rm/bizlogic/plugin/standard_ext/1_0" entity-type="businessRole" identifying-attribute="oimUserGroupId" >
    <mappings>
    <mappings-config related-entity-type="itRole" related-entity-identifying-attribute="itRole_id" related-entity-source-identifying-attribute="oimAccessPolicyId" relationship-entity-type="roleMapping" identifying-attribute="businessRole_id"/>
    <mappings-config related-entity-type="person" related-entity-identifying-attribute="grantee_id" related-entity-source-identifying-attribute="oimId" relationship-entity-type="roleGrant" identifying-attribute="role_id"/>
    </mappings>
    <attributes>
    <attribute attribute-id="oimUserGroupId" argument-id="oimUserGroupId"/>
    <attribute attribute-id="displayName" argument-id="displayName"/>
    <attribute attribute-id="membershipRule" argument-id="rule"/>
    <attribute attribute-id="oimAccessPolicyId" argument-id="accessPoliciesMapping"/>
    <attribute attribute-id="oimId" argument-id="members"/>
    </attributes>
    </reconcile-entity-with-mappings>
    ]]>
    </config>
    </ext>
    </snapshot-logic-definition>
    </business-transaction>

  • Not able to see the users in Authorization Policy Manager

    I have configured a OID provider in the myrealm of weblogic for OES Server. I also added the following lines to jps-config.xml
    <serviceInstance provider="idstore.ldap.provider" name="idstore.ldap">
    <property value="oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider" name="idstore.config.provider"/>
    <property value="oracle.security.idm.providers.stdldap.JNDIPool" name="CONNECTION_POOL_CLASS"/>
    <property name="idstore.type" value="OID"/>
    </serviceInstance>
    Even then I cannot see any of the users from the OID through application policy manager.
    Anybody aware of any other settings that need to be done ?
    oes server version is 11.1.1.6. and OID is 11.1.1.5.
    Any help will be appreciated.
    Edited by: ssarkar on May 10, 2012 1:15 PM

    externalize the users.

  • Josso not able authenticate against sun directory configuration

    I am trying to configure josso-1.5 and jboss 4.x against Sun Directory Server.
    I am getting this error on the screen: Invalid Authentication Information
    It works against openldap.
    Please let me know if I need to do any special configuration for Sun Directory Server.
    console log.

    ar, mine was a mistake.
    I changed password to plain and my ldap data to none crypt password.
    Also I commented out
    <!--
    <hashAlgorithm>MD5</hashAlgorithm>
    <hashEncoding>HEX</hashEncoding>
    -->
    <!-- Strong Authentication Scheme
    <authentication-scheme>
    <name>strong-authentication</name>
    -->
    lines.
    INFO: Trying to load configuration josso-gateway-config.xml
    2008/01/30 23:12:33 org.josso.ComponentKeeperImpl loadConfig
    INFO: SSO Config from [file:/opt/apache-tomcat-6.0.14_josso-1.6/bin/josso-config.xml]
    2008/01/30 23:12:33 org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler handle
    INFO: Wed Jan 30 23:12:33 JST 2008 - sso-session - info - - createSession=success - ssoSessionId=3BD8CB4222046B3ECA68A29DCC54FD44
    2008/01/30 23:12:33 org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler handle
    INFO: Wed Jan 30 23:12:33 JST 2008 - sso-user - info - user1 - authenticationSuccess=success - remoteHost=192.168.100.200,authScheme=basic-authentication,ssoSessionId=3BD8CB4222046B3ECA68A29DCC54FD44
    2008/01/30 23:12:33 org.josso.gateway.signon.LoginAction login
    WARN: No 'BACK TO' URL received or configured ... using default forward rule !

  • Not able to use Alert Configuration/Alert Inbox in the Runtime Workbench

    Hi Experts,
    I have installed PI 7.1 on my system. I'm not able to use the Alert Configuration/Alert Inbox in the Runtime Workbench. It is asking for a logon, and the logon which I used for ABAP & Java Stack is not working.
    e.g., For ABAP Stack, the User Id is: "sapuser" & For Java Stack, the User Id is: "pisuper". But, both these User Id's are not working for the Alert Configuration/Alert Inbox in the RWB.
    Can someone pls suggest me, how to proceed?
    Br
    G@nesh

    Hi Preethi,
    Can u pls help me, how to check whether the relevant roles are assigned to this user i.e., pisuper for the JAVA stack in the UME or not? i even tried to use Alert Configuration/Alert Inbox with the User ID: ddic & j2ee_admin, but it too didn't work...
    I would like to use Alert Configuration/Alert Inbox with my User Id: pisuper, which i'm using to logon to the JAVA stack
    while exploring, i logged on to the useradmin page i.e., http://p71:58800/useradmin with the User Id: j2ee_admin... If this is correct, can u pls let me know how can i add the necessary roles to my User Id: pisuper so that i can use Alert Configuration/Alert Inbox with my User Id: pisuper
    Br
    G@nesh

  • Not able to do CPA cache refresh

    Hi,
    I am trying to do the CPA cache refresh through the URL: http://<hostname>:<port>/CPACache/refresh?mode=full. But I am not able to do it due to authorization problems. I tried with different users like: PIAPPLUSER, PIAFUSER, J2EE_ADMIN etc. I am getting an error saying: " You are not authorized to view the requested resource." Can anybody tell me what is the problem here?
    Thanks and Regards,
    Divija.

    Use PIDIRUSER
    Regards,
    Prateek

  • After TACACS configured, Authenticate successfully but not able to go in config mode.

    Hi All,
    I Have Cisco 4710 ACE, and configured TACACS on ACE for authentication and accounting. Configuration paste below.
    I am able to authenticate with ACS server 5.1 but not able to go in config mode of ACE 4710.
    Debug output attached.
    Need help on this.
    tacacs-server key 7 "wwxfeootjv"
    tacacs-server timeout 60
    tacacs-server host 128.9.31.70 key 7 "wwxfeootjv"
    aaa group server tacacs+ TACACS_Group_Server
      server 128.9.31.70
    ntp server 128.9.24.58
    aaa authentication login default group TACACS_Group_Server
    aaa accounting default group TACACS_Group_Server
    Below Logs are coming on Device.
    Regards
    MS.

    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/security/guide/aaa.html#wp1411787
    To configure the TACACS+ role and domain settings on Cisco Secure ACS, perform the following steps:
    Step 1 Go to the Interface Configuration section of the Cisco Secure ACS HTML interface and access the TACACS+ (Cisco IOS) page. Perform the following actions:
    a. Under the TACACS+ Services section of the page, the User column or the Group column depending on your configuration, check the Shell (exec) check box.
    b. Under the Advanced Configuration Options section of the page, check the Display a window for each service selected in which you can enter customized TACACS+ attributes check box.
    c. Click Submit.
    Step 2 Go to the Advanced Options page of the Interface Configuration section of the Cisco Secure ACS HTML interface. Perform the following actions:
    a. Check the Per-user TACACS+/RADIUS Attributes check box.
    b. Click Submit.
    Step 3 Go to the User Setup section of the Cisco Secure ACS HTML interface and double-click the name of an existing user that you want to define a user profile attribute for virtualization. The User Setup page appears.
    Step 4 Under the TACACS+ Settings section of the page, configure the following settings:
    • Check the Shell (exec) check box.
    • Check the Custom attributes check box.
    • In the text box under the Custom attributes, enter the user role and associated domain for a specific context in the following format:
    shell:= ...
    For example, to assign the selected user to the C1 context with the role ROLE1 and the domain DOMAIN1, enter shell:C1=ROLE1 DOMAIN1.
    You can also substitute an asterisk (*) for the equals sign (=) as follows:
    shell:* ...
    Use the above shell string if you are also using Cisco IOS command authorization.
    Step 5 Under the Checking This option Will PERMIT all UNKNOWN Services section of the page, check the Default (Undefined) Services check box to permit unknown services.
    Step 6 Click Submit when you finish configuring the TACACS+ role and domain settings.
    For example, if USER1 is assigned the role ADMIN and the domain MYDOMAIN1 (where shell:Admin=ADMIN MYDOMAIN1), then one of the following can occur:
    • If USER1 logs in through the Admin context, that user is automatically assigned the Admin role and the MyDomain1 domain.
    • If USER1 logs in through a different context, that user is automatically assigned the default role (Network-Monitor) and the default domain (default-domain). In this case, the user profile attribute is not obtained from the TACACS+ server during authentication.
    Gilles.
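
The role and domain lookup described in the quoted Cisco steps, as an added Python example (not Cisco's code and not part of the original post): it parses custom attributes written like shell:C1=ROLE1 DOMAIN1, resolves what a login through a given context receives, and lists entries worth reviewing. Exact-match context names, one or more domains per entry, and falling back to the default role when a context appears twice are assumptions of this example; the sample profile is constructed.

```python
import re
from typing import List, NamedTuple, Tuple

# Defaults the quoted guide names for a login through a non-matching context.
DEFAULT_ROLE = "Network-Monitor"
DEFAULT_DOMAINS = ("default-domain",)

# shell:<context><sep><role> <domain>...  where <sep> is '=' or '*'.
# Requiring at least one domain is an assumption of this example.
ATTR_RE = re.compile(
    r"^shell:(?P<context>[^=*\s]+)(?P<sep>[=*])(?P<role>\S+)(?P<domains>(?:\s+\S+)+)$"
)


class Assignment(NamedTuple):
    context: str
    role: str
    domains: Tuple[str, ...]
    optional: bool  # True when '*' is used; TACACS+ treats '*' pairs as optional


def parse_shell_attribute(value: str) -> Assignment:
    """Parse one custom attribute line; raise ValueError if it is malformed."""
    m = ATTR_RE.match(value.strip())
    if m is None:
        raise ValueError(f"malformed shell attribute: {value!r}")
    return Assignment(m["context"], m["role"],
                      tuple(m["domains"].split()), m["sep"] == "*")


def shell_entries(attributes: List[str]):
    """Split a profile into parsed shell: entries and malformed shell: lines."""
    good, bad = [], []
    for raw in attributes:
        if not raw.strip().startswith("shell:"):
            continue  # some other TACACS+ attribute, not a role/domain entry
        try:
            good.append(parse_shell_attribute(raw))
        except ValueError:
            bad.append(raw)
    return good, bad


def resolve(attributes: List[str], login_context: str):
    """Return (role, domains) for a login through login_context.

    A single matching entry wins. No match yields the defaults, as the guide
    describes. Several entries for one context also yield the defaults: that
    fail-closed choice belongs to this example, the page does not say what
    the ACE does in that case.
    """
    entries, _ = shell_entries(attributes)
    matches = [e for e in entries if e.context == login_context]
    if len(matches) == 1:
        return matches[0].role, matches[0].domains
    return DEFAULT_ROLE, DEFAULT_DOMAINS


def audit_profile(attributes: List[str]) -> List[str]:
    """List review findings for one user's custom attribute box."""
    entries, bad = shell_entries(attributes)
    findings = [f"malformed entry ignored: {raw!r}" for raw in bad]
    seen = {}
    for e in entries:
        if e.context in seen and seen[e.context] != (e.role, e.domains):
            findings.append(f"context {e.context!r} has conflicting assignments")
        seen.setdefault(e.context, (e.role, e.domains))
        if not e.optional:
            findings.append(
                f"context {e.context!r} uses '='; use '*' if this profile "
                "also serves Cisco IOS command authorization"
            )
    return findings


# Constructed sample profile: the page's two examples, a conflicting duplicate,
# and the unfilled template line pasted by mistake.
PROFILE = [
    "shell:Admin=ADMIN MYDOMAIN1",
    "shell:C1*ROLE1 DOMAIN1",
    "shell:C1*ROLE2 DOMAIN1",
    "shell:= ...",
]

if __name__ == "__main__":
    for ctx in ("Admin", "C1", "C2"):
        print(ctx, "->", resolve(PROFILE, ctx))
    for finding in audit_profile(PROFILE):
        print("review:", finding)
```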

  • Not able to login after configuring SSH. Please reply

    I have configured AAA on a Cisco Aironet 1400 series wireless bridge (AIR-BR1410A-A-K9). After configuring it, I am not able to log in to the device via telnet and via PuTTY. Soon after enabling SSH, I am not able to log in even through SSH. Below are the commands I have configured on the device. I used to configure the same commands on my Cisco switches also.
    Layer -2
    ip domain-name NETS
    crypto key generate rsa general-keys modulus 1024
    ip ssh version 2
    aaa new-model
    aaa authentication login Login-LAN group tacacs+ line
    aaa authentication enable default group tacacs+ enable
    aaa accounting exec EXEC-LAN-L2 start-stop group tacacs+
    aaa accounting commands 1 Level-1-LAN-L2 start-stop group tacacs+
    aaa accounting commands 15 Level-15-LAN-L2 start-stop group tacacs+
    tacacs-server host 10.254.0.140 key !n01#zh3r3@|2
    line vty 0 4
    accounting commands 1 Level-1-LAN-L2
    accounting commands 15 Level-15-LAN-L2
    accounting exec EXEC-LAN-L2
    login authentication Login-LAN
    transport input ssh

    Hi,
    Check the connectivity between the Cisco Aironet and the TACACS server, and what the failed logs say on the TACACS server.
    If possible, try to change the configuration to aaa authentication login Login-LAN(default) group tacacs+ line and then see what exactly happens.
    Hope that helps
    Regards
    Ganesh.H

  • Not able to configure SSH

    Hi,
    I'm using an 1841 router. My question is: I'm not able to configure SSH on this router. Any IOS problem?
    Sh version
    Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(1c), RELEASE SOFTWARE (fc1)

    Hi Karthick
    You are currently running the IP Base feature set IOS on your router. You need to upgrade it to the Advanced Security Services or SP Services feature set to have SSH support on your router.
    http://www.cisco.com/en/US/products/sw/iosswrel/ps5460/index.html
    Regards

  • OIM is not able to Restart the Domain when I am trying to configure it with the Config.sh

    Hi,
    I am a newbie here. Below are the complete details of my problem:
    I have installed WLS1211 (64-Bit) on OEL 6.3 OS and also installed OIM 11.1.1.7 (64-Bit) on the same machine.
    When I try to configure OIM (using the config.sh file), the system fails to restart the domain and in turn the configuration fails. I navigated to the domain created for OIM and verified that the log file displays the following error:
    ####<Sep 6, 2013 7:41:16 PM IST> <Info> <Server> <blr2211427> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1378476676195> <BEA-002609> <Channel Service initialized.>
    ####<Sep 6, 2013 7:41:16 PM IST> <Info> <Socket> <blr2211427> <AdminServer> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1378476676216> <BEA-000415> <System has file descriptor limits of soft: 65,536, hard: 65,536>
    ####<Sep 6, 2013 7:41:16 PM IST> <Info> <Socket> <blr2211427> <AdminServer> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1378476676218> <BEA-000416> <Using effective file descriptor limit of: 65,536 open sockets and files.>
    ####<Sep 6, 2013 7:41:16 PM IST> <Info> <Socket> <blr2211427> <AdminServer> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1378476676218> <BEA-000406> <PosixSocketMuxer was built on Apr 24 2007 16:05:00>
    ####<Sep 6, 2013 7:41:16 PM IST> <Info> <Socket> <blr2211427> <AdminServer> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1378476676238> <BEA-000436> <Allocating 3 reader threads.>
    ####<Sep 6, 2013 7:41:16 PM IST> <Info> <Socket> <blr2211427> <AdminServer> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1378476676238> <BEA-000446> <Native I/O enabled.>
    ####<Sep 6, 2013 7:41:16 PM IST> <Info> <IIOP> <blr2211427> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1378476676483> <BEA-002014> <IIOP subsystem enabled.>
    ####<Sep 6, 2013 7:41:20 PM IST> <Error> <Security> <blr2211427> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1378476680681> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-06514: Opening of file based keystore failed.>
    ####<Sep 6, 2013 7:41:20 PM IST> <Critical> <WebLogicServer> <blr2211427> <AdminServer> <main> <<WLS Kernel>> <> <> <1378476680682> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-06514: Opening of file based keystore failed.
    weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-06514: Opening of file based keystore failed.
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
        at weblogic.security.SecurityService.start(SecurityService.java:148)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    Caused By: oracle.security.jps.JpsRuntimeException: JPS-06514: Opening of file based keystore failed.
        at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:170)
        at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:383)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
        at java.lang.Class.newInstance(Class.java:374)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1343)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
        at weblogic.security.SecurityService.start(SecurityService.java:148)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    Caused By: oracle.security.jps.JpsException: JPS-06514: Opening of file based keystore failed.
        at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:2984)
        at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3226)
        at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:167)
        at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:383)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
        at java.lang.Class.newInstance(Class.java:374)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1343)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
        at weblogic.security.SecurityService.start(SecurityService.java:148)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    Caused By: oracle.security.jps.service.keystore.KeyStoreServiceException: JPS-06514: Opening of file based keystore failed.
        at oracle.security.jps.internal.keystore.file.FileKeyStoreManager.openKeyStore(FileKeyStoreManager.java:406)
        at oracle.security.jps.internal.keystore.file.FileKeyStoreManager.openKeyStore(FileKeyStoreManager.java:352)
        at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.doInit(FileKeyStoreServiceImpl.java:122)
        at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:88)
        at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:164)
        at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:91)
        at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:68)
        at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
        at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)
        at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191)
        at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132)
        at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:127)
        at oracle.security.jps.internal.policystore.PolicyUtil$3.run(PolicyUtil.java:2956)
        at oracle.security.jps.internal.policystore.PolicyUtil$3.run(PolicyUtil.java:2950)
        at java.security.AccessController.doPrivileged(Native Method)
        at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:2950)
        at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3226)
        at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:167)
        at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:383)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
        at java.lang.Class.newInstance(Class.java:374)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1343)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
        at weblogic.security.SecurityService.start(SecurityService.java:148)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    >
    ####<Sep 6, 2013 7:41:20 PM IST> <Notice> <WebLogicServer> <blr2211427> <AdminServer> <main> <<WLS Kernel>> <> <> <1378476680728> <BEA-000365> <Server state changed to FAILED.>
    ####<Sep 6, 2013 7:41:20 PM IST> <Error> <WebLogicServer> <blr2211427> <AdminServer> <main> <<WLS Kernel>> <> <> <1378476680728> <BEA-000383> <A critical service failed. The server will shut itself down.>
    ####<Sep 6, 2013 7:41:20 PM IST> <Notice> <WebLogicServer> <blr2211427> <AdminServer> <main> <<WLS Kernel>> <> <> <1378476680735> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN.>
    ####<Sep 6, 2013 7:41:20 PM IST> <Info> <WebLogicServer> <blr2211427> <AdminServer> <main> <<WLS Kernel>> <> <> <1378476680754> <BEA-000236> <Stopping execute threads.>
    When I googled it to find some information, I found that I need to provide full access (0777) to the cwallet.sso file available under the MW_HOME\user_projects\domains\domain_name\config\fmwconfig\bootstrap\ location. I did this but did not succeed.
    I followed the following link: http://www.techpaste.com/2012/04/jpsruntimeexception-jps-06514-opening-file-based-keystore-failed/
    I also tried the other solutions mentioned there, but none worked.
    Please help.

    Have you tried taking a backup of the keystore.xml and cwallet.sso files, deleting them, and then restarting the admin server?

  • CRMD_ORDER (Quotation) - "Configuration" tab - (not able to see HTML page)

    Hi Gurus
    When I open a quotation through CRMD_ORDER, in the item's "configuration" tab I am not able to see the HTML page. I am here at offshore, but my onsite guys are able to see it. Please let me know what causes it not to be displayed.
    Please help me. It is very urgent.

    Dear Jitendra,
    In Production Order you will find the Component and Operation screens under two different icons (not tabs) on the production header screen.
    - For the Component overview, the icon is something like a balance, or on pressing F6 you will branch to the Component overview screen. You will find it just after the hat icon.
    - For the Operation overview, the icon looks like a ladder, or on pressing F5 you will branch directly to the operation screen. You will find this icon just after the Component overview icon.

  • Not able to configure IDM 11.1.1.7 in RHEL

    Hi,
    Installed the below components in silent mode:
    Java 1.6
    WLS 10.3.6
    IDM 11.1.1.7
    While configuring IDM (for OIF) in silent mode based on a response file, it gets stuck at CREATE DOMAIN. In the install out file, the log says starting domain and it stays there for a long time. But I am not able to continue further.
    I am seeing the below warnings in the install log file:
    [2015-03-18T16:41:57.229-04:00] [as] [WARNING] [] [oracle.as.install.engine.modules.configuration.client.ConfigActionClassLoader] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0]  [Action]: Bootstrap Domain Configuration. Library not found: /opt/weblogic/middleware11g/modules/com.bea.core.weblogic.security.identity_1.1.2.0.jar
    [2015-03-18T16:41:57.230-04:00] [as] [WARNING] [] [oracle.as.install.engine.modules.configuration.client.ConfigActionClassLoader] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0]  [Action]: Bootstrap Domain Configuration. Library not found: /opt/weblogic/middleware11g/patch_wls1032/profiles/default/sys_manifest_classpath/weblogic_patch.jar
    [2015-03-18T16:41:57.238-04:00] [as] [WARNING] [] [oracle.as.install.engine.modules.configuration.client.ConfigActionClassLoader] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0]  [Action]: Bootstrap Domain Configuration. Library not found: /opt/weblogic/middleware11g/jrockit_160_14_R27.6.4-18/lib/tools.jar
    [2015-03-18T16:41:57.285-04:00] [as] [WARNING] [] [oracle.as.install.engine.modules.configuration.client.ConfigActionClassLoader] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0]  [Action]: Bootstrap Domain Configuration. Library not found: /opt/weblogic/middleware11g/wlserver_10.3/server/lib/weblogic_sp.jar
    [2015-03-18T16:41:57.286-04:00] [as] [WARNING] [] [oracle.as.install.engine.modules.configuration.client.ConfigActionClassLoader] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0]  [Action]: Bootstrap Domain Configuration. Library not found: /opt/weblogic/middleware11g/modules/features/weblogic.server.modules_10.3.2.0.jar
    [2015-03-18T16:41:57.287-04:00] [as] [WARNING] [] [oracle.as.install.engine.modules.configuration.client.ConfigActionClassLoader] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0]  [Action]: Bootstrap Domain Configuration. Library not found: /opt/weblogic/middleware11g/modules/org.apache.ant_1.7.0/lib/ant-all.jar
    [2015-03-18T16:41:57.287-04:00] [as] [WARNING] [] [oracle.as.install.engine.modules.configuration.client.ConfigActionClassLoader] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0]  [Action]: Bootstrap Domain Configuration. Library not found: /opt/weblogic/middleware11g/modules/net.sf.antcontrib_1.0.0.0_1-0b2/lib/ant-contrib.jar
    [2015-03-18T16:41:57.287-04:00] [as] [WARNING] [] [oracle.as.install.engine.modules.configuration.client.ConfigActionClassLoader] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0]  [Action]: Bootstrap Domain Configuration. Library not found: /opt/weblogic/middleware11g/wlserver_10.3/common/eval/pointbase/lib/pbembedded57.jar
    [2015-03-18T16:41:57.288-04:00] [as] [WARNING] [] [oracle.as.install.engine.modules.configuration.client.ConfigActionClassLoader] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0]  [Action]: Bootstrap Domain Configuration. Library not found: /opt/weblogic/middleware11g/wlserver_10.3/common/eval/pointbase/lib/pbclient57.jar
    [2015-03-18T16:41:57.288-04:00] [as] [WARNING] [] [oracle.as.install.engine.modules.configuration.client.ConfigActionClassLoader] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0]  [Action]: Bootstrap Domain Configuration. Library not found: /opt/weblogic/middleware11g/wlserver_10.3/common/eval/pointbase/lib/pbtools57.jar
    [2015-03-18T16:41:57.312-04:00] [as] [WARNING] [] [oracle.as.install.engine.modules.configuration.client.ConfigActionClassLoader] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0]  [Action]: Bootstrap Domain Configuration. Library not found: /opt/weblogic/middleware11g/modules/org.apache.ant_1.7.0/lib/ant-all.jar
    [2015-03-18T16:41:57.343-04:00] [as] [WARNING] [] [oracle.as.install.engine.modules.configuration.client.ConfigActionClassLoader] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0]  [Action]: Bootstrap Domain Configuration. Library not found: /opt/weblogic/middleware11g/modules/org.apache.ant_1.7.0/lib/ant.jar
    [2015-03-18T16:41:57.344-04:00] [as] [WARNING] [] [oracle.as.install.engine.modules.configuration.client.ConfigActionClassLoader] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0]  [Action]: Bootstrap Domain Configuration. Library not found: /opt/weblogic/middleware11g/modules/org.apache.ant_1.7.0/lib/ant-launcher.jar
    [2015-03-18T16:41:57.344-04:00] [as] [WARNING] [] [oracle.as.install.engine.modules.configuration.client.ConfigActionClassLoader] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0]  [Action]: Bootstrap Domain Configuration. Library not found: /opt/weblogic/middleware11g/modules/features/weblogic.server.modules_10.3.1.0.jar
    The Admin Server comes up after a long time and I am able to access the WebLogic console.
    But in the logs, it tries to connect to the admin server and says it could not connect.
    [2015-03-18T17:52:29.787-04:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0] [SRC_CLASS: oracle.as.idm.install.config.event.IdMProvisionEventListener] [SRC_METHOD: onConfigurationStatus]  [OOB IDM CONFIG EVENT] onConfigurationStatus ->23389ae6-ec6d-4830-b97e-2510c75ad281 StatusMsg:Connecting to AdminServer.
    [2015-03-18T17:52:29.787-04:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0] reportStartConfigAction: EXIT........
    [2015-03-18T17:52:29.788-04:00] [as] [ERROR] [] [oracle.as.provisioning] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0] [[
    java.io.IOException
      at weblogic.management.remote.common.ClientProviderBase.makeConnection(ClientProviderBase.java:196)
      at weblogic.management.remote.common.ClientProviderBase.newJMXConnector(ClientProviderBase.java:84)
      at javax.management.remote.JMXConnectorFactory.newJMXConnector(JMXConnectorFactory.java:338)
      at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:247)
      at oracle.as.provisioning.weblogic.AdminServer.connect(AdminServer.java:98)
      at oracle.as.provisioning.weblogic.ASDomain._connectToAdminServer(ASDomain.java:409)
      at oracle.as.provisioning.weblogic.ASDomain.connectToAdminServer(ASDomain.java:363)
      at oracle.as.provisioning.engine.WorkFlowExecutor.executeWLSWorkFlow(WorkFlowExecutor.java:411)
      at oracle.as.provisioning.engine.Config.executeConfigWorkflow_WLS(Config.java:866)
      at oracle.as.idm.install.config.BootstrapConfigManager.doExecute(BootstrapConfigManager.java:1088)
      at oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:375)
      at oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:88)
      at oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:105)
      at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)
      at oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:96)
      at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:186)
      at oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)
      at oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:86)
      at java.lang.Thread.run(Thread.java:662)
    Caused by: javax.naming.ServiceUnavailableException [Root exception is java.net.UnknownHostException: vsvphxoamdev01.hotelgroup.com]
      at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:34)
      at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:792)
      at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:366)
      at weblogic.jndi.Environment.getContext(Environment.java:315)
      at weblogic.jndi.Environment.getContext(Environment.java:285)
      at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
      at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
      at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
      at javax.naming.InitialContext.init(InitialContext.java:223)
      at javax.naming.InitialContext.<init>(InitialContext.java:197)
      at weblogic.management.remote.common.ClientProviderBase.makeConnection(ClientProviderBase.java:178)
      ... 18 more
    Caused by: java.net.UnknownHostException: vsvphxoamdev01.hotelgroup.com
      at java.net.InetAddress.getAllByName0(InetAddress.java:1157)
      at java.net.InetAddress.getAllByName(InetAddress.java:1083)
      at java.net.InetAddress.getAllByName(InetAddress.java:1019)
      at weblogic.rjvm.RJVMFinder.getDnsEntries(RJVMFinder.java:422)
      at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:192)
      at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:170)
      at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:165)
      at weblogic.jndi.WLInitialContextFactoryDelegate$1.run(WLInitialContextFactoryDelegate.java:345)
      at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
      at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
      at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:340)
      ... 26 more
    [2015-03-18T17:52:29.789-04:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0] [SRC_CLASS: IdMProvisioningEventListener] [SRC_METHOD: onConfigurationError] ENTRY 23389ae6-ec6d-4830-b97e-2510c75ad281
    [2015-03-18T17:52:29.789-04:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0] [SRC_CLASS: oracle.as.idm.install.config.event.IdMProvisionEventListener] [SRC_METHOD: onConfigurationError] ________________________________________________________________________________
    [2015-03-18T17:52:29.789-04:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0] [SRC_CLASS: oracle.as.idm.install.config.event.IdMProvisionEventListener] [SRC_METHOD: onConfigurationError]  [OOB IDM CONFIG EVENT] onConfigurationError -> configGUID 23389ae6-ec6d-4830-b97e-2510c75ad281
    [2015-03-18T17:52:29.790-04:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0] [SRC_CLASS: oracle.as.idm.install.config.event.IdMProvisionEventListener] [SRC_METHOD: onConfigurationError]  [OOB IDM CONFIG EVENT] ErrorID: 35006
    [2015-03-18T17:52:29.790-04:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 13] [ecid: 0000Kkibk_c2JRS_uDs1yX1L2UCH000004,0] [SRC_CLASS: oracle.as.idm.install.config.event.IdMProvisionEventListener] [SRC_METHOD: onConfigurationError]  [OOB IDM CONFIG EVENT] Description: [[
    Unable to connect to the AdminServer.
    Cause:
    An internal operation has failed:java.io.IOException
    Action:
    See logs for more details.

    I have verified the host file entry also. It looks fine.
    -bash-4.1$ cat /etc/hosts
    127.0.0.1 localhost.localdomain localhost
    10.86.60.229 vsvphxoampoc01.hotelgroup.com
    10.86.231.100 phxasn4_bu
    10.86.240.204 phxasn4
    ::1 localhost loopback

  • Not able to configure Act As in OBIEE 11g - The application is logging out

    Hi All,
    We are trying to configure Act As in OBIEE 11g. The list of users gets populated when I click on Act As. However, when I select any user from the list, the application logs out. The possible reason could be that OBIEE is not able to authenticate the user (we are using table-based authentication). Please give some pointers to fix it.
    Also, I am curious to understand the authentication process in case of Act As. The list that gets populated is a list of target users from the table. In our case, the username and display name gets populated. But, how does OBIEE check if that is a valid user or not?
    Thanks in Anticipation,
    Karan

    Does Act As functionality work with BI Publisher? I am able to log in, select Act As, pick a user and view all dashboards. However, when I click a PDF embedded in a dashboard page from Publisher, it says Unauthorized Access: please contact the administrator. If I am logged in as myself, I can view the PDF. If I am logged in as the user I am acting as, I can view the PDF. But if I log in as myself, act as that user and try to view it, that is when the error occurs, so I am wondering if Act As is incompatible with BI Pub.

  • Certain songs won't transfer from iTunes to iPhone, telling me to authorize computer and when I do so, it's telling me that computer is already authorized. So why am I not able to transfer certain songs from iTunes to my iPhone?

    Certain songs won't transfer from my iTunes to my iPhone. It's telling me that the computer is not authorized, but once I go up to Store and authorize the computer and enter my info, it tells me that the computer is already authorized. So why am I not able to transfer certain songs from my iTunes to my iPhone?

    Hello Jfalconi19,
    Thank you for providing the details of the issue you are experiencing with transferring the apps purchased from the iTunes Store.  I recommend following the steps in this article:
    iTunes repeatedly prompts to authorize computer to play iTunes Store purchases
    http://support.apple.com/kb/ts1389
    Thank you for using Apple Support Communities.
    Best,
    Sheila M.
