OAM11g redirection on authorization
Is there a way wherein in OAM when the authorization is succeded depending on the header in the response, the redirection is done to two different URLs.
The scenario is :
On logging in from my homepage depending on the header, the redirection should be either to an ihavelanding page or the passwordmanagement page. The checking is if the user is logging in for the first time after registration he has to be sent to the passwordmanagement page otherwise he has to be sent to the ihavelanding page.For this checking we have a passwordflag which is set to false if he is a first time user, but if he is a old user then it is set to true. The password management page is not the one in OIM but developed by another team.
what i have done:
From the homepage, i have given a link to the ihavelanding page and protected it in the protected resource policy.
The homepage.jsp and the passwordmanagement.jsp and an intermediary.jsp are all given in the public resource policy.
The intermediary.jsp is given as a success URL in the protected policy.
In the protected resource policy i have given the passwordflag as the response.
In the intermediary.jsp i have checked for the header and i am redirecting it accordingly.
the problem:
Since i am giving the intermediary.jsp as the success url, everytime the ihavelanding.jsp is requested, the intermediary.jsp is triggered and again since the page is redirected to ihavelanding.jsp it calls the intermediary.jsp and it becomes a loop and i am getting an error which says something like " the server is redirecting the request for this address in a way that will never complete" which means it goes into a infinite loop.
Any ideas how to solve this problem.
"jaideep" <[email protected]> wrote in message
news:3fefcb0a$[email protected]..
>
"Craig" <[email protected]> wrote:
"jaideep" <[email protected]> wrote:
Hi,
We atre using weblogic 7 authentication and authorization service to
secure our
web resources (URL's). This is being done declaritively through web.xml
and weblogic.xml.
Presently in case of any authorization failure, the user is redirected
to the
login page. How ever we want the user to be redirected to a seperate
error page
in case of authoroization failure. How can we configure that in ourapplication.
TIAI believe the <error-page> tag is what you want to use:
http://edocs.bea.com/wls/docs81/webapp/web_xml.html#1017571
Hi Craig
We have already tried with <error-page> tag, but the problem with this iseven
in case of time out the page is redirected to that page which is not whatwe require.
Is there anyway to redirect to a specific page in case of authorisationfailure
only.
I would ask in the weblogic.developer.interest.servlet newsgroup.
Similar Messages
-
Configure redirection upon authorization denial ?
Suppose a web app that can be accessed using 3 URLs (i.e. 3 server names pointign to the same app server).
URL A is for intranet and users that use it should be authenticated with SPNEGO.
URL B is for extranet and users that use it should be authenticated with a form
URL C is for internet and users do not have to be authenticated.
Using XACML, I believe I should be able to express this authorization policy, using BEA extensions to perform the request.getServerName() call that would return the string representing the URL's server name.
However from my understanding this XACML policy will just decide whether the action is permitted or denied.
In case it is denied, I would like to redirect the suer to an authentication page that depends on the server name he tried to access :
if the user was accessing URL A, then I would like the user to be redirected to a specific web app that would enforce a SPNEGO authentication.
If the user was accessing URL B, then I would like the user to be redirected to a specific web app that would enforce FORM authentication.
How can I do that with WebLogic Server 9.2 ?"jaideep" <[email protected]> wrote in message
news:3fefcb0a$[email protected]..
>
"Craig" <[email protected]> wrote:
"jaideep" <[email protected]> wrote:
Hi,
We atre using weblogic 7 authentication and authorization service to
secure our
web resources (URL's). This is being done declaritively through web.xml
and weblogic.xml.
Presently in case of any authorization failure, the user is redirected
to the
login page. How ever we want the user to be redirected to a seperate
error page
in case of authoroization failure. How can we configure that in ourapplication.
TIAI believe the <error-page> tag is what you want to use:
http://edocs.bea.com/wls/docs81/webapp/web_xml.html#1017571
Hi Craig
We have already tried with <error-page> tag, but the problem with this iseven
in case of time out the page is redirected to that page which is not whatwe require.
Is there anyway to redirect to a specific page in case of authorisationfailure
only.
I would ask in the weblogic.developer.interest.servlet newsgroup. -
PowerBI & Azure Stream Analytics jobs login issue
Hello team,
We are working as early-adopter partner for Azure Stream Analytics along with azure IoT suite, we recently have got 'PowerBI' services enabled as 'output' connector of stream analytics job on our corporate subscription & accessing our same org. id to
login into Azure Stream analytics & powerBI services.
But, to the great surprise, after creating SA job, configured 'powerbi' as output , it's getting redirect for authorization , applied powerbi 'dataset' & 'table' name. But, after logged into the app.powerbi.com portal, not able to see the 'stream analytics
job dataset' & 'table'.
Note: We are using same Org id for login & creating SA jobs & login into powerbi preview portal.
Would be great if there's a specific instructions/guide for connecting powerbi with ASA job apart from this. Any pointer will be appreciated.
Thanks,
Anindita Basak
MAX451, Inc.
AninditaHello there,
Thanks for the reply.
No , we're not able to see any event status as 'Failed' on SA operation logs. Attached the relevant screenshot of event logs.
The jobs are running fine, if we use SQL Azure tables as 'output' connector, the data is available. Only using PowerBI output connector, 'datasets' are not visible though we're using same org id (i.e
[email protected]) for creation of ASA jobs & login into powerbi subscription.
Thanks for your help!.
Anindita Basak
MAX451, Inc
Anindita -
Another OAM 10g policy evaluation question
I have a policy with authz expression= Rule A & Rule B & Rule C:
Rule A:
Allow: ldap_attr_1 = X
Deny: no one is denied
Allow preceeds denial: true
Authz failure redirection URL: URL1
Rule B:
Allow: ldap_attr_2 = Y
Deny: no one is denied
Allow preceeds denial: true
Authz failure redirection URL: URL1
Rule C:
Allow: anyone is allowed
Deny: ldap_attr_3 = Z
Allow preceeds denial: false
Authz failure redirection URL: URL2
My user profile has ldap_attr_1=X, ldap_attr_2=Y, ldap_attr_3=Z, I expect access to be denied based on Rule C and user redirected to URL2. Instead I see authorization = Inconclusive and Rule=<not found>.
If user has ldap_attr_1=X, ldap_attr_2=Y and NOT ldap_attr_3=Z I am getting correct evaluation - user is authorized.
Any ideas how to make this working? Basically I want user to be redirected to the URL that is defined in the rule that caused denial.
Thanks,
AlexHi Colin,
Here's what I have:
Authz Rule: Rule1
Access allowed: Any one
Access denied: ldap rule (attr=value)
Allow takes precedence: false
Actions: redirect to URL1 on denied
You can use any attribute and any value, i am using my custom attribute. Then I protect a resource /myresource with policy Policy1 that only has this rule. Set up attr=value and access tester shows redirection to URL1. Now 2 more rules:
Authz Rule: Rule2
Access allowed: ldap rule (o=org)
Access denied: no one is denied
Allow takes precedence: true
Actions: no actions
Authz Rule: Rule3
Access allowed: ldap rule (title=title)
Access denied: no one is denied
Allow takes precedence: true
Actions: no actions
And Policy2 has authz expression Rule2 AND Rule3 AND Rule1. And Policy2 has action: redirect on authorization inconclusive to URL2. My user's profile has o=org, title=title, attr=value. Access tester shows redirection to URL2.
Thanks,
Alex -
Authorization Failure Redirect URL in OAM
Hi,
From OAM policies i want to redirect a user to Authorization Failure page by configuring redirect URL for Authorization Failure. But user is always redirected to OAM operation error page (with an error message that URL .. has been denied for the user) in case of Authorization Failure..How to redirect the user to my AuthFail.html page ? I am able to redirect the user to AuthenticationFailure page incase of authentication failure..but not able to redirect in case of authorization failure..how to achieve this?
Thanks & Regards,
SrikanthHi,
I am new to OAM and facing the same error in Authz Rule. Did your issue get resolved?
When I tested the URL with access tester for authz failure scenario, I got Authorized Inconclusive.
I do understand if I mention the AuthFail.html in the redirection URL Authz Inconclusive, the user would be able to see the appropriate error page. But I wanted to understand the reason for authz getting into inconclusive condition. Can someone provide me clarity on this?
Thanks! -
Set Redirection URL in Authorization
I have written a custom Authorization Plug-In which at the end, either return authorization denied or successful.
I was wondering how can I set a redirection URL when I return Authorization failed?
Basically I want to return the user the the login form if they are not Authorized. I can't simply set it in the Authorization Failure Rule in the policy because it doesn't seem to work when i execute my own plugin.
Any ideas?
Thanks,
RajAre you not getting the authorization failure back to your policy or its not redirecting ? When you set the authorization denied in plugin and return , the authorization rule that called the Plugin will fire the failure part of the rule. But this wont redirect back to the login page because login page will think the user is already authentication ( because of valid obssocookie). You can try redirecting to another accessdenied page.
Thanks
Ram -
Authorization policy in oam11g domain
Hi Guys,
One of our web resources protected with oam (webgate 10g) needs password also for application side authorization,My questions are,
1.Is it possible to set password in session,header or cookie in response of authorization policy of application domain in oam 11g?
OR
2.Is there any way to pass password as encrypted as header,session or cookie to protected web resource with 10g webgate?
Regards,
jdevcheck this post:
How application can access OAM protected resource. -
Authorization denial messages to clients or URL redirection once denied?
Our client would like to setup a Internet access solution for a limited number of employees belonging to a certain AD group. I have Central web auth working and can easily grant or deny access/authorization by AD group memberships, but I want a more friendly "not authorized" message or url sent to the users whom are not in the permitted AD group. Currently, a user not in the group (not permitted) can get the portal login page, followed by the AUP page, then they get the "login successful" just as the permitted users do. This seems inappropriate when they then have no access to anything.
Note, we would like to do this without any advanced license needs on ISE. We are using ISE solely for hosting our guest portals and then both local and external (AD) user authentication/authorization.
DavidStep by step, how did you arrive at seeing this agreement?
-
I am no longer within range of a network that I was ''attempting'' to connect to as ''guest'' and now the guest registration page for the network overrides the url that was set for my home page in Firefox. (I never actually established a connection to the internet on that network because the guest username and password repeatedly failed.) The redirect executes whenever I type the URL, www.yahoo.com, into the address bar or when I follow a link from a search engine to that URL, or when I click the home button. How can I stop the
redirect? I deleted all network locations that contained that network and cookies that contained the network name but that did not stop the page redirection. I do not believe this to be a virus or malicious network because it was at an research institute. I looked in prefs.js for any keywords from that network but I did not find anything obvious.
Thank you for your help.Easily fixed: clear the cache.
-
OIF11g-OAM11g integration - Auth mode?
I'm tying to get OIF11g-OAM11g auth mode integration work. I'm following the OIF integration mode doc and followed all the steps. I'm getting redirected to the OAM forum login. Authentication is going through successfull, but I'm getting this error from OIF:
<Mar 13, 2012 1:17:36 PM CDT> <Error> <oracle.security.fed.eventhandler.authn.engines.oam.OAMAuthnEventHandler> <FED-18068> <Authentication failed: WebGate did not authenticate the user>
<Mar 13, 2012 1:17:36 PM CDT> <Warning> <oracle.security.fed.http.handlers.authn.LoginRequestHandler> <FED-18051> <Authentication instant was not sent from the authentication engine.>
Installed OHS server (for Webgate 11g agent) on the same server hosting OIF (configured for both IdP and SP). I'm NOT using OSSO agent.
The index.html of OHS server was modified and set to redirect the loopback testing URL of fed server as below. The reason I did this was to suppress the OIF login page and make OIF understand the OAM cookie.
http://oifhost:7499/fed/idp/initiatesso?providerid=http://oifhost:7499/fed/sp&returnurl=http://anyresouce
Under Authentication Engine, made OAM as the default authentication engine and added "OAM_REMOTE_USER" as the header attribute
Create OAM policy in OAM. The host identifier has both OHS proxy and OIF host URL
Added "OAM_REMOTE_USER" as the header attribute under authorization policy
Has someone faced this issue before. I have seen many threads with the same issue but no solutions yet. Please help.Hi community,
I have a problem with the integration between oracle access manager 11g and Oracle identity Federation. I want propagate the credential from an application called WSebra to Oracle Access Manager with a SAML Assertion. I have tested the procedure of the integration guide of Oracle "Integration Guide for Oracle Access Manager E15740-04" but not work.
I want know if is possible propagate the credentials betwen an application that send SAML Assertion like WSebra and Oracle Access Manager 11G and if is possible the procedure of integration, i don´t use WebGate i just need propagate the credentials from wsebra to Access Manager. Wsebra has an authentication mechanism with an LDAP system and make the work of authentication, Access Manager must create the Session.
At this point, i create and identity provider and service provider with Oracle Single Sign-On like the integrattion manual describe and i get the message:
Resultado de Autenticación de SSO: Fallo de Autenticación
Código de Estado Secundario de SSOUNKNOWN_PRINCIPAL
And in the log i get the next message:
Authentication instant was not sent from the authentication engine.
Please i need help with this topic because we must integrate this products for a migration process, we want migrate from SUN ACCESS MANAGER to Oracle Access Manager 11g, the SUN ACCESS MANAGER has the SAML setting out of the box. Oracle Access Manager 11g doesn't has SAML and RSA authenticacion is very bad, and we have many problems for this features.
Thanks. -
Remote App from Ipad return "Failed to parse authorization Challange"
Hi,
I have set up a Remote App infrastructure on Windows 2012 server , I have publish some apps , I have publish my server on internet opening port 443 and 3389 for RDP with a public rapid SSL wildcard certificate ... everything works on pcs but when I try
to connect with my ipad from external I receive the error:
"Failed to parse authorization Challange"
with the following log:
===== DO NOT DELETE CONTENT BELOW THIS LINE =====
[2014-May-06 12:03:11] RDP (0): Resolved 'apps.mydomain.com' to '195.206.y.x' using NameResolveMethod_Unknown(0)
[2014-May-06 12:03:11] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 209
User Message : The gateway failed to connect with the message: 404 Not Found
[2014-May-06 12:03:11] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 209
User Message : The gateway failed to connect with the message: 404 Not Found
[2014-May-06 12:03:11] RDP (0): Error message: The gateway failed to connect with the message: 404 Not Found(phase: 0, type: 0, reason: 0, systemCode: -1, systemMessage: )
[2014-May-06 12:03:11] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
[2014-May-06 12:03:11] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
[2014-May-06 12:03:11] RDP (0): ------ END ACTIVE CONNECTION ------
[2014-May-06 12:03:13] RDP (0): ----- BEGIN ACTIVE CONNECTION -----
[2014-May-06 12:03:13] RDP (0): client version: 8.0.5.24403 on iPad3,6 (iPhone OS 7.1.1)
[2014-May-06 12:03:13] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-May-06 12:03:13] RDP (0): Final rdp configuration used: {
activeUsername = "COPAN\\ataglietti";
arcTimeout = 1800;
cacheId = 77310DD3EA18B941;
certificatesUseRedirectName = 1;
configurationVersion = 8;
font = 1;
gatewayId = 01C00DD3EA18B941;
gatewayMode = 2;
host = "SRVAPP.MYDOMAIN";
label = AS400;
loadBalanceInfo = "tsv://MS Terminal Services Plugin.1.QuickSessionCollection";
mouseMode = "-1";
port = 3389;
remoteProgram = "||AS400";
remoteProgramArguments = "";
remoteProgramRail = 1;
temporary = 1;
type = rdp;
useAlt = 0;
utilityBar = "-1";
webFeedVersion = "Windows 2008 R2 or newer";
connections = (
77310DD3EA18B941,
84F1ABD3EA18B941,
51A54AD4EA18B941,
DF88EED4EA18B941,
9E7D8DD5EA18B941,
E1EB2BD6EA18B941,
CA18C3D6EA18B941
host = "apps.mydomain.com";
id = 01C00DD3EA18B941;
port = 443;
temporary = 1;
type = rdp;
kCFProxyTypeKey = kCFProxyTypeNone;
[2014-May-06 12:03:13] RDP (0): --- BEGIN INTERFACE LIST ---
[2014-May-06 12:03:13] RDP (0): lo0 af=18 addr= netmask=
[2014-May-06 12:03:13] RDP (0): lo0 af=30 (AF_INET6) addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
[2014-May-06 12:03:13] RDP (0): lo0 af=2 (AF_INET) addr=127.0.0.1 netmask=255.0.0.0
[2014-May-06 12:03:13] RDP (0): lo0 af=30 (AF_INET6) addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
[2014-May-06 12:03:13] RDP (0): pdp_ip0 af=18 addr= netmask=
[2014-May-06 12:03:13] RDP (0): pdp_ip0 af=2 (AF_INET) addr=109.112.3.43 netmask=255.255.255.255
[2014-May-06 12:03:13] RDP (0): pdp_ip1 af=18 addr= netmask=
[2014-May-06 12:03:13] RDP (0): pdp_ip2 af=18 addr= netmask=
[2014-May-06 12:03:13] RDP (0): pdp_ip3 af=18 addr= netmask=
[2014-May-06 12:03:13] RDP (0): ap1 af=18 addr= netmask=
[2014-May-06 12:03:13] RDP (0): en0 af=18 addr= netmask=
[2014-May-06 12:03:13] RDP (0): en2 af=18 addr= netmask=
[2014-May-06 12:03:13] RDP (0): awdl0 af=18 addr= netmask=
[2014-May-06 12:03:13] RDP (0): --- END INTERFACE LIST ---
[2014-May-06 12:03:13] RDP (0): Not using any proxy
[2014-May-06 12:03:13] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-May-06 12:03:13] RDP (0): Resolved 'SRVAPP.mydomain' to 'ERROR: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.' using NameResolveMethod_Unknown(0)
[2014-May-06 12:03:13] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.(phase: 0, type: 0, reason: 0, systemCode: 0, systemMessage: )
[2014-May-06 12:03:13] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
[2014-May-06 12:03:14] RDP (0): Final rdp configuration used: {
activeUsername = "COPAN\\ataglietti";
arcTimeout = 1800;
cacheId = 77310DD3EA18B941;
certificatesUseRedirectName = 1;
configurationVersion = 8;
font = 1;
gatewayId = 01C00DD3EA18B941;
gatewayMode = 2;
gwAutodetectState = kConnectionGwAutodectedForceGW;
host = "SRVAPP.mydomain";
label = AS400;
loadBalanceInfo = "tsv://MS Terminal Services Plugin.1.QuickSessionCollection";
mouseMode = "-1";
port = 3389;
remoteProgram = "||AS400";
remoteProgramArguments = "";
remoteProgramRail = 1;
temporary = 1;
type = rdp;
useAlt = 0;
utilityBar = "-1";
webFeedVersion = "Windows 2008 R2 or newer";
connections = (
77310DD3EA18B941,
84F1ABD3EA18B941,
51A54AD4EA18B941,
DF88EED4EA18B941,
9E7D8DD5EA18B941,
E1EB2BD6EA18B941,
CA18C3D6EA18B941
host = "apps.mydomain.com";
id = 01C00DD3EA18B941;
port = 443;
temporary = 1;
type = rdp;
kCFProxyTypeKey = kCFProxyTypeNone;
[2014-May-06 12:03:14] RDP (0): --- BEGIN INTERFACE LIST ---
[2014-May-06 12:03:14] RDP (0): lo0 af=18 addr= netmask=
[2014-May-06 12:03:14] RDP (0): lo0 af=30 (AF_INET6) addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
[2014-May-06 12:03:14] RDP (0): lo0 af=2 (AF_INET) addr=127.0.0.1 netmask=255.0.0.0
[2014-May-06 12:03:14] RDP (0): lo0 af=30 (AF_INET6) addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
[2014-May-06 12:03:14] RDP (0): pdp_ip0 af=18 addr= netmask=
[2014-May-06 12:03:14] RDP (0): pdp_ip0 af=2 (AF_INET) addr=109.112.3.43 netmask=255.255.255.255
[2014-May-06 12:03:14] RDP (0): pdp_ip1 af=18 addr= netmask=
[2014-May-06 12:03:14] RDP (0): pdp_ip2 af=18 addr= netmask=
[2014-May-06 12:03:14] RDP (0): pdp_ip3 af=18 addr= netmask=
[2014-May-06 12:03:14] RDP (0): ap1 af=18 addr= netmask=
[2014-May-06 12:03:14] RDP (0): en0 af=18 addr= netmask=
[2014-May-06 12:03:14] RDP (0): en2 af=18 addr= netmask=
[2014-May-06 12:03:14] RDP (0): awdl0 af=18 addr= netmask=
[2014-May-06 12:03:14] RDP (0): --- END INTERFACE LIST ---
[2014-May-06 12:03:14] RDP (0): Not using any proxy
[2014-May-06 12:03:14] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-May-06 12:03:14] RDP (0): Resolved 'apps.mydomain.com' to '195.z.y.x' using NameResolveMethod_Unknown(0)
[2014-May-06 12:03:14] RDP (0): Resolved 'apps.mydomain.com' to '195.z.y.x' using NameResolveMethod_Unknown(0)
[2014-May-06 12:03:14] RDP (0): HTTP RPC_IN_DATA connection redirected from https://apps.mydomain.com:443/rpc/rpcproxy.dll?localhost:3388 to https://apps.mydomain.com/RDWeb/rpc/rpcproxy.dll
[2014-May-06 12:03:14] RDP (0): Resolved 'apps.mydomain.com' to '195.z.y.x' using NameResolveMethod_Unknown(0)
[2014-May-06 12:03:14] RDP (0): HTTP RPC_OUT_DATA connection redirected from https://apps.mydomain.com:443/rpc/rpcproxy.dll?localhost:3388 to https://apps.mydomain.com/RDWeb/rpc/rpcproxy.dll
[2014-May-06 12:03:14] RDP (0): Resolved 'apps.mydomain.com' to '195.z.y.x' using NameResolveMethod_Unknown(0)
[2014-May-06 12:03:16] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 209
User Message : The gateway failed to connect with the message: 404 Not Found
[2014-May-06 12:03:16] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 209
User Message : The gateway failed to connect with the message: 404 Not Found
[2014-May-06 12:03:16] RDP (0): Error message: The gateway failed to connect with the message: 404 Not Found(phase: 0, type: 0, reason: 0, systemCode: -1, systemMessage: )
[2014-May-06 12:03:16] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
[2014-May-06 12:03:16] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
[2014-May-06 12:03:16] RDP (0): ------ END ACTIVE CONNECTION ------
[2014-May-06 12:05:15] RDP (0): Application went into background
[2014-May-06 12:26:21] RDP (0): Application became foreground application
[2014-May-06 12:26:31] RDP (0): ----- BEGIN ACTIVE CONNECTION -----
[2014-May-06 12:26:31] RDP (0): client version: 8.0.5.24403 on iPad3,6 (iPhone OS 7.1.1)
[2014-May-06 12:26:31] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-May-06 12:26:31] RDP (0): Final rdp configuration used: {
activeUsername = "COPAN\\ataglietti";
arcTimeout = 1800;
cacheId = 9EB75556F018B941;
certificatesUseRedirectName = 1;
configurationVersion = 8;
font = 1;
gatewayId = 01C00DD3EA18B941;
gatewayMode = 2;
host = "SRVAPP.MYDOMAIN";
label = "CAPA_64bit";
loadBalanceInfo = "tsv://MS Terminal Services Plugin.1.QuickSessionCollection";
mouseMode = "-1";
port = 3389;
remoteProgram = "||CAPA_64bit";
remoteProgramArguments = "";
remoteProgramRail = 1;
temporary = 1;
type = rdp;
useAlt = 0;
utilityBar = "-1";
webFeedVersion = "Windows 2008 R2 or newer";
connections = (
77310DD3EA18B941,
84F1ABD3EA18B941,
51A54AD4EA18B941,
DF88EED4EA18B941,
9E7D8DD5EA18B941,
E1EB2BD6EA18B941,
CA18C3D6EA18B941,
5F0AB755F018B941,
9EB75556F018B941,
57CCEC56F018B941
host = "apps.mydomain.com";
id = 01C00DD3EA18B941;
port = 443;
temporary = 1;
type = rdp;
kCFProxyTypeKey = kCFProxyTypeNone;
[2014-May-06 12:26:31] RDP (0): --- BEGIN INTERFACE LIST ---
[2014-May-06 12:26:31] RDP (0): lo0 af=18 addr= netmask=
[2014-May-06 12:26:31] RDP (0): lo0 af=30 (AF_INET6) addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
[2014-May-06 12:26:31] RDP (0): lo0 af=2 (AF_INET) addr=127.0.0.1 netmask=255.0.0.0
[2014-May-06 12:26:31] RDP (0): lo0 af=30 (AF_INET6) addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
[2014-May-06 12:26:31] RDP (0): pdp_ip0 af=18 addr= netmask=
[2014-May-06 12:26:31] RDP (0): pdp_ip0 af=2 (AF_INET) addr=109.112.3.43 netmask=255.255.255.255
[2014-May-06 12:26:31] RDP (0): pdp_ip1 af=18 addr= netmask=
[2014-May-06 12:26:31] RDP (0): pdp_ip2 af=18 addr= netmask=
[2014-May-06 12:26:31] RDP (0): pdp_ip3 af=18 addr= netmask=
[2014-May-06 12:26:31] RDP (0): ap1 af=18 addr= netmask=
[2014-May-06 12:26:31] RDP (0): en0 af=18 addr= netmask=
[2014-May-06 12:26:31] RDP (0): en2 af=18 addr= netmask=
[2014-May-06 12:26:31] RDP (0): awdl0 af=18 addr= netmask=
[2014-May-06 12:26:31] RDP (0): --- END INTERFACE LIST ---
[2014-May-06 12:26:31] RDP (0): Not using any proxy
[2014-May-06 12:26:31] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-May-06 12:26:31] RDP (0): Resolved 'SRVAPP.MYDOMAIN' to 'ERROR: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.' using NameResolveMethod_Unknown(0)
[2014-May-06 12:26:31] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.(phase: 0, type: 0, reason: 0, systemCode: 0, systemMessage: )
[2014-May-06 12:26:31] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
[2014-May-06 12:26:31] RDP (0): Final rdp configuration used: {
activeUsername = "COPAN\\ataglietti";
arcTimeout = 1800;
cacheId = 9EB75556F018B941;
certificatesUseRedirectName = 1;
configurationVersion = 8;
font = 1;
gatewayId = 01C00DD3EA18B941;
gatewayMode = 2;
gwAutodetectState = kConnectionGwAutodectedForceGW;
host = "SRVAPP.MYDOMAIN";
label = "CAPA_64bit";
loadBalanceInfo = "tsv://MS Terminal Services Plugin.1.QuickSessionCollection";
mouseMode = "-1";
port = 3389;
remoteProgram = "||CAPA_64bit";
remoteProgramArguments = "";
remoteProgramRail = 1;
temporary = 1;
type = rdp;
useAlt = 0;
utilityBar = "-1";
webFeedVersion = "Windows 2008 R2 or newer";
connections = (
77310DD3EA18B941,
84F1ABD3EA18B941,
51A54AD4EA18B941,
DF88EED4EA18B941,
9E7D8DD5EA18B941,
E1EB2BD6EA18B941,
CA18C3D6EA18B941,
5F0AB755F018B941,
9EB75556F018B941,
57CCEC56F018B941,
BFD38857F018B941
host = "apps.mydomain.com";
id = 01C00DD3EA18B941;
port = 443;
temporary = 1;
type = rdp;
kCFProxyTypeKey = kCFProxyTypeNone;
[2014-May-06 12:26:31] RDP (0): --- BEGIN INTERFACE LIST ---
[2014-May-06 12:26:31] RDP (0): lo0 af=18 addr= netmask=
[2014-May-06 12:26:31] RDP (0): lo0 af=30 (AF_INET6) addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
[2014-May-06 12:26:31] RDP (0): lo0 af=2 (AF_INET) addr=127.0.0.1 netmask=255.0.0.0
[2014-May-06 12:26:31] RDP (0): lo0 af=30 (AF_INET6) addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
[2014-May-06 12:26:31] RDP (0): pdp_ip0 af=18 addr= netmask=
[2014-May-06 12:26:31] RDP (0): pdp_ip0 af=2 (AF_INET) addr=109.112.3.43 netmask=255.255.255.255
[2014-May-06 12:26:31] RDP (0): pdp_ip1 af=18 addr= netmask=
[2014-May-06 12:26:31] RDP (0): pdp_ip2 af=18 addr= netmask=
[2014-May-06 12:26:31] RDP (0): pdp_ip3 af=18 addr= netmask=
[2014-May-06 12:26:31] RDP (0): ap1 af=18 addr= netmask=
[2014-May-06 12:26:31] RDP (0): en0 af=18 addr= netmask=
[2014-May-06 12:26:31] RDP (0): en2 af=18 addr= netmask=
[2014-May-06 12:26:31] RDP (0): awdl0 af=18 addr= netmask=
[2014-May-06 12:26:31] RDP (0): --- END INTERFACE LIST ---
[2014-May-06 12:26:31] RDP (0): Not using any proxy
[2014-May-06 12:26:31] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-May-06 12:26:31] RDP (0): Resolved 'apps.mydomain.com' to '195.z.y.x' using NameResolveMethod_Unknown(0)
[2014-May-06 12:26:31] RDP (0): Resolved 'apps.mydomain.com' to '195.z.y.x' using NameResolveMethod_Unknown(0)
[2014-May-06 12:26:33] RDP (0): HTTP RPC_OUT_DATA connection redirected from https://apps.mydomain.com:443/rpc/rpcproxy.dll?localhost:3388 to https://apps.mydomain.com/RDWeb/rpc/rpcproxy.dll
[2014-May-06 12:26:33] RDP (0): HTTP RPC_IN_DATA connection redirected from https://apps.mydomain.com:443/rpc/rpcproxy.dll?localhost:3388 to https://apps.mydomain.com/RDWeb/rpc/rpcproxy.dll
[2014-May-06 12:26:33] RDP (0): Resolved 'apps.mydomain.com' to '195.z.y.x' using NameResolveMethod_Unknown(0)
[2014-May-06 12:26:33] RDP (0): Resolved 'apps.mydomain.com' to '195.z.y.x' using NameResolveMethod_Unknown(0)
[2014-May-06 12:26:33] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 209
User Message : The gateway failed to connect with the message: 404 Not Found
[2014-May-06 12:26:33] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 209
User Message : The gateway failed to connect with the message: 404 Not Found
[2014-May-06 12:26:33] RDP (0): Error message: The gateway failed to connect with the message: 404 Not Found(phase: 0, type: 0, reason: 0, systemCode: -1, systemMessage: )
[2014-May-06 12:26:33] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
[2014-May-06 12:26:33] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
[2014-May-06 12:26:33] RDP (0): ------ END ACTIVE CONNECTION ------
[2014-May-06 12:28:37] RDP (0): Application went into background
[2014-May-06 12:34:23] RDP (0): Application became foreground application
[2014-May-06 12:34:32] RDP (0): ----- BEGIN ACTIVE CONNECTION -----
[2014-May-06 12:34:32] RDP (0): client version: 8.0.5.24403 on iPad3,6 (iPhone OS 7.1.1)
[2014-May-06 12:34:32] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-May-06 12:34:32] RDP (0): Final rdp configuration used: {
activeUsername = "COPAN\\ataglietti";
arcTimeout = 1800;
cacheId = 31CE4F37F218B941;
certificatesUseRedirectName = 1;
configurationVersion = 8;
font = 1;
gatewayId = 01C00DD3EA18B941;
gatewayMode = 2;
host = "SRVAPP.MYDOMAIN";
label = "DifettiProduzione_64bit";
loadBalanceInfo = "tsv://MS Terminal Services Plugin.1.QuickSessionCollection";
mouseMode = "-1";
port = 3389;
remoteProgram = "||DifettiProduzione_64bit";
remoteProgramArguments = "";
remoteProgramRail = 1;
temporary = 1;
type = rdp;
useAlt = 0;
utilityBar = "-1";
webFeedVersion = "Windows 2008 R2 or newer";
connections = (
77310DD3EA18B941,
84F1ABD3EA18B941,
51A54AD4EA18B941,
DF88EED4EA18B941,
9E7D8DD5EA18B941,
E1EB2BD6EA18B941,
CA18C3D6EA18B941,
5F0AB755F018B941,
9EB75556F018B941,
57CCEC56F018B941,
BFD38857F018B941,
F6424158F018B941,
66C1EC58F018B941,
83858B59F018B941,
6EA42436F218B941,
1CEEAB36F218B941,
31CE4F37F218B941,
F7B0DF37F218B941,
3D436438F218B941
host = "apps.mydomain.com";
id = 01C00DD3EA18B941;
port = 443;
temporary = 1;
type = rdp;
kCFProxyTypeKey = kCFProxyTypeNone;
[2014-May-06 12:34:32] RDP (0): --- BEGIN INTERFACE LIST ---
[2014-May-06 12:34:32] RDP (0): lo0 af=18 addr= netmask=
[2014-May-06 12:34:32] RDP (0): lo0 af=30 (AF_INET6) addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
[2014-May-06 12:34:32] RDP (0): lo0 af=2 (AF_INET) addr=127.0.0.1 netmask=255.0.0.0
[2014-May-06 12:34:32] RDP (0): lo0 af=30 (AF_INET6) addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
[2014-May-06 12:34:32] RDP (0): pdp_ip0 af=18 addr= netmask=
[2014-May-06 12:34:32] RDP (0): pdp_ip0 af=2 (AF_INET) addr=109.112.3.43 netmask=255.255.255.255
[2014-May-06 12:34:32] RDP (0): pdp_ip1 af=18 addr= netmask=
[2014-May-06 12:34:32] RDP (0): pdp_ip2 af=18 addr= netmask=
[2014-May-06 12:34:32] RDP (0): pdp_ip3 af=18 addr= netmask=
[2014-May-06 12:34:32] RDP (0): ap1 af=18 addr= netmask=
[2014-May-06 12:34:32] RDP (0): en0 af=18 addr= netmask=
[2014-May-06 12:34:32] RDP (0): en2 af=18 addr= netmask=
[2014-May-06 12:34:32] RDP (0): awdl0 af=18 addr= netmask=
[2014-May-06 12:34:32] RDP (0): --- END INTERFACE LIST ---
[2014-May-06 12:34:32] RDP (0): Not using any proxy
[2014-May-06 12:34:32] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-May-06 12:34:32] RDP (0): Resolved 'SRVAPP.MYDOMAIN' to 'ERROR: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.' using NameResolveMethod_Unknown(0)
[2014-May-06 12:34:32] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.(phase: 0, type: 0, reason: 0, systemCode: 0, systemMessage: )
[2014-May-06 12:34:32] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
[2014-May-06 12:34:32] RDP (0): Final rdp configuration used: {
activeUsername = "COPAN\\ataglietti";
arcTimeout = 1800;
cacheId = 31CE4F37F218B941;
certificatesUseRedirectName = 1;
configurationVersion = 8;
font = 1;
gatewayId = 01C00DD3EA18B941;
gatewayMode = 2;
gwAutodetectState = kConnectionGwAutodectedForceGW;
host = "SRVAPP.MYDOMAIN";
label = "DifettiProduzione_64bit";
loadBalanceInfo = "tsv://MS Terminal Services Plugin.1.QuickSessionCollection";
mouseMode = "-1";
port = 3389;
remoteProgram = "||DifettiProduzione_64bit";
remoteProgramArguments = "";
remoteProgramRail = 1;
temporary = 1;
type = rdp;
useAlt = 0;
utilityBar = "-1";
webFeedVersion = "Windows 2008 R2 or newer";
connections = (
77310DD3EA18B941,
84F1ABD3EA18B941,
51A54AD4EA18B941,
DF88EED4EA18B941,
9E7D8DD5EA18B941,
E1EB2BD6EA18B941,
CA18C3D6EA18B941,
5F0AB755F018B941,
9EB75556F018B941,
57CCEC56F018B941,
BFD38857F018B941,
F6424158F018B941,
66C1EC58F018B941,
83858B59F018B941,
6EA42436F218B941,
1CEEAB36F218B941,
31CE4F37F218B941,
F7B0DF37F218B941,
3D436438F218B941,
45F0EB38F218B941
host = "apps.mydomain.com";
id = 01C00DD3EA18B941;
port = 443;
temporary = 1;
type = rdp;
kCFProxyTypeKey = kCFProxyTypeNone;
[2014-May-06 12:34:32] RDP (0): --- BEGIN INTERFACE LIST ---
[2014-May-06 12:34:32] RDP (0): lo0 af=18 addr= netmask=
[2014-May-06 12:34:32] RDP (0): lo0 af=30 (AF_INET6) addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
[2014-May-06 12:34:32] RDP (0): lo0 af=2 (AF_INET) addr=127.0.0.1 netmask=255.0.0.0
[2014-May-06 12:34:32] RDP (0): lo0 af=30 (AF_INET6) addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
[2014-May-06 12:34:32] RDP (0): pdp_ip0 af=18 addr= netmask=
[2014-May-06 12:34:32] RDP (0): pdp_ip0 af=2 (AF_INET) addr=109.112.3.43 netmask=255.255.255.255
[2014-May-06 12:34:32] RDP (0): pdp_ip1 af=18 addr= netmask=
[2014-May-06 12:34:32] RDP (0): pdp_ip2 af=18 addr= netmask=
[2014-May-06 12:34:32] RDP (0): pdp_ip3 af=18 addr= netmask=
[2014-May-06 12:34:32] RDP (0): ap1 af=18 addr= netmask=
[2014-May-06 12:34:32] RDP (0): en0 af=18 addr= netmask=
[2014-May-06 12:34:32] RDP (0): en2 af=18 addr= netmask=
[2014-May-06 12:34:32] RDP (0): awdl0 af=18 addr= netmask=
[2014-May-06 12:34:32] RDP (0): --- END INTERFACE LIST ---
[2014-May-06 12:34:32] RDP (0): Not using any proxy
[2014-May-06 12:34:32] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-May-06 12:34:32] RDP (0): Resolved 'apps.mydomain.com' to '195.z.y.x' using NameResolveMethod_Unknown(0)
[2014-May-06 12:34:32] RDP (0): Resolved 'apps.mydomain.com' to '195.z.y.x' using NameResolveMethod_Unknown(0)
[2014-May-06 12:34:35] RDP (0): HTTP RPC_IN_DATA connection redirected from https://apps.mydomain.com:443/rpc/rpcproxy.dll?localhost:3388 to https://apps.mydomain.com/RDWeb/rpc/rpcproxy.dll
[2014-May-06 12:34:35] RDP (0): Resolved 'apps.mydomain.com' to '195.z.y.x' using NameResolveMethod_Unknown(0)
[2014-May-06 12:34:35] RDP (0): HTTP RPC_OUT_DATA connection redirected from https://apps.mydomain.com:443/rpc/rpcproxy.dll?localhost:3388 to https://apps.mydomain.com/RDWeb/rpc/rpcproxy.dll
[2014-May-06 12:34:35] RDP (0): Resolved 'apps.mydomain.com' to '195.z.y.x' using NameResolveMethod_Unknown(0)
[2014-May-06 12:34:35] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 209
User Message : The gateway failed to connect with the message: 404 Not Found
[2014-May-06 12:34:35] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 209
User Message : The gateway failed to connect with the message: 404 Not Found
[2014-May-06 12:34:35] RDP (0): Error message: The gateway failed to connect with the message: 404 Not Found(phase: 0, type: 0, reason: 0, systemCode: -1, systemMessage: )
[2014-May-06 12:34:35] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
[2014-May-06 12:34:35] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
[2014-May-06 12:34:35] RDP (0): ------ END ACTIVE CONNECTION ------
[2014-May-06 12:35:28] RDP (0): Application went into background
[2014-May-06 12:35:34] RDP (0): Application became foreground application
[2014-May-06 12:35:45] RDP (0): ----- BEGIN ACTIVE CONNECTION -----
[2014-May-06 12:35:45] RDP (0): client version: 8.0.5.24403 on iPad3,6 (iPhone OS 7.1.1)
[2014-May-06 12:35:45] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-May-06 12:35:45] RDP (0): Final rdp configuration used: {
activeUsername = "COPAN\\ataglietti";
arcTimeout = 1800;
cacheId = 2C11E07DF218B941;
certificatesUseRedirectName = 1;
configurationVersion = 8;
font = 1;
gatewayId = 8CDC4B79F218B941;
gatewayMode = 2;
host = "SRVAPP.MYDOMAIN";
label = "DifettiProduzione_64bit";
loadBalanceInfo = "tsv://MS Terminal Services Plugin.1.QuickSessionCollection";
mouseMode = "-1";
port = 3389;
remoteProgram = "||DifettiProduzione_64bit";
remoteProgramArguments = "";
remoteProgramRail = 1;
temporary = 1;
type = rdp;
useAlt = 0;
utilityBar = "-1";
webFeedVersion = "Windows 2008 R2 or newer";
connections = (
30664B79F218B941,
37A6A77CF218B941,
EA3C467DF218B941,
2C11E07DF218B941,
EBE2767EF218B941,
26E3887FF218B941,
06F10D80F218B941,
3EAE9580F218B941
host = "apps.mydomain.com";
id = 8CDC4B79F218B941;
port = 443;
temporary = 1;
type = rdp;
kCFProxyTypeKey = kCFProxyTypeNone;
[2014-May-06 12:35:45] RDP (0): --- BEGIN INTERFACE LIST ---
[2014-May-06 12:35:45] RDP (0): lo0 af=18 addr= netmask=
[2014-May-06 12:35:45] RDP (0): lo0 af=30 (AF_INET6) addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
[2014-May-06 12:35:45] RDP (0): lo0 af=2 (AF_INET) addr=127.0.0.1 netmask=255.0.0.0
[2014-May-06 12:35:45] RDP (0): lo0 af=30 (AF_INET6) addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
[2014-May-06 12:35:45] RDP (0): pdp_ip0 af=18 addr= netmask=
[2014-May-06 12:35:45] RDP (0): pdp_ip0 af=2 (AF_INET) addr=109.112.3.43 netmask=255.255.255.255
[2014-May-06 12:35:45] RDP (0): pdp_ip1 af=18 addr= netmask=
[2014-May-06 12:35:45] RDP (0): pdp_ip2 af=18 addr= netmask=
[2014-May-06 12:35:45] RDP (0): pdp_ip3 af=18 addr= netmask=
[2014-May-06 12:35:45] RDP (0): ap1 af=18 addr= netmask=
[2014-May-06 12:35:45] RDP (0): en0 af=18 addr= netmask=
[2014-May-06 12:35:45] RDP (0): en2 af=18 addr= netmask=
[2014-May-06 12:35:45] RDP (0): awdl0 af=18 addr= netmask=
[2014-May-06 12:35:45] RDP (0): --- END INTERFACE LIST ---
[2014-May-06 12:35:45] RDP (0): Not using any proxy
[2014-May-06 12:35:45] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-May-06 12:35:45] RDP (0): Resolved 'SRVAPP.MYDOMAIN' to 'ERROR: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.' using NameResolveMethod_Unknown(0)
[2014-May-06 12:35:45] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.(phase: 0, type: 0, reason: 0, systemCode: 0, systemMessage: )
[2014-May-06 12:35:45] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
[2014-May-06 12:35:45] RDP (0): Final rdp configuration used: {
activeUsername = "COPAN\\ataglietti";
arcTimeout = 1800;
cacheId = 2C11E07DF218B941;
certificatesUseRedirectName = 1;
configurationVersion = 8;
font = 1;
gatewayId = 8CDC4B79F218B941;
gatewayMode = 2;
gwAutodetectState = kConnectionGwAutodectedForceGW;
host = "SRVAPP.MYDOMAIN";
label = "DifettiProduzione_64bit";
loadBalanceInfo = "tsv://MS Terminal Services Plugin.1.QuickSessionCollection";
mouseMode = "-1";
port = 3389;
remoteProgram = "||DifettiProduzione_64bit";
remoteProgramArguments = "";
remoteProgramRail = 1;
temporary = 1;
type = rdp;
useAlt = 0;
utilityBar = "-1";
webFeedVersion = "Windows 2008 R2 or newer";
connections = (
30664B79F218B941,
37A6A77CF218B941,
EA3C467DF218B941,
2C11E07DF218B941,
EBE2767EF218B941,
26E3887FF218B941,
06F10D80F218B941,
3EAE9580F218B941
host = "apps.mydomain.com";
id = 8CDC4B79F218B941;
port = 443;
temporary = 1;
type = rdp;
kCFProxyTypeKey = kCFProxyTypeNone;
[2014-May-06 12:35:45] RDP (0): --- BEGIN INTERFACE LIST ---
[2014-May-06 12:35:45] RDP (0): lo0 af=18 addr= netmask=
[2014-May-06 12:35:45] RDP (0): lo0 af=30 (AF_INET6) addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
[2014-May-06 12:35:45] RDP (0): lo0 af=2 (AF_INET) addr=127.0.0.1 netmask=255.0.0.0
[2014-May-06 12:35:45] RDP (0): lo0 af=30 (AF_INET6) addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
[2014-May-06 12:35:45] RDP (0): pdp_ip0 af=18 addr= netmask=
[2014-May-06 12:35:45] RDP (0): pdp_ip0 af=2 (AF_INET) addr=109.112.3.43 netmask=255.255.255.255
[2014-May-06 12:35:45] RDP (0): pdp_ip1 af=18 addr= netmask=
[2014-May-06 12:35:45] RDP (0): pdp_ip2 af=18 addr= netmask=
[2014-May-06 12:35:45] RDP (0): pdp_ip3 af=18 addr= netmask=
[2014-May-06 12:35:45] RDP (0): ap1 af=18 addr= netmask=
[2014-May-06 12:35:45] RDP (0): en0 af=18 addr= netmask=
[2014-May-06 12:35:45] RDP (0): en2 af=18 addr= netmask=
[2014-May-06 12:35:45] RDP (0): awdl0 af=18 addr= netmask=
[2014-May-06 12:35:45] RDP (0): --- END INTERFACE LIST ---
[2014-May-06 12:35:45] RDP (0): Not using any proxy
[2014-May-06 12:35:45] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-May-06 12:35:45] RDP (0): Resolved 'apps.mydomain.com' to '195.z.y.x' using NameResolveMethod_Unknown(0)
[2014-May-06 12:35:45] RDP (0): Resolved 'apps.mydomain.com' to '195.z.y.x' using NameResolveMethod_Unknown(0)
[2014-May-06 12:35:46] RDP (0): HTTP RPC_IN_DATA connection redirected from https://apps.mydomain.com:443/rpc/rpcproxy.dll?localhost:3388 to https://apps.mydomain.com/RDWeb/rpc/rpcproxy.dll
[2014-May-06 12:35:46] RDP (0): Resolved 'apps.mydomain.com' to '195.z.y.x' using NameResolveMethod_Unknown(0)
[2014-May-06 12:35:46] RDP (0): HTTP RPC_OUT_DATA connection redirected from https://apps.mydomain.com:443/rpc/rpcproxy.dll?localhost:3388 to https://apps.mydomain.com/RDWeb/rpc/rpcproxy.dll
[2014-May-06 12:35:46] RDP (0): Resolved 'apps.mydomain.com' to '195.z.y.x' using NameResolveMethod_Unknown(0)
[2014-May-06 12:35:46] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 209
User Message : The gateway failed to connect with the message: 404 Not Found
[2014-May-06 12:35:46] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 209
User Message : The gateway failed to connect with the message: 404 Not Found
[2014-May-06 12:35:46] RDP (0): Error message: The gateway failed to connect with the message: 404 Not Found(phase: 0, type: 0, reason: 0, systemCode: -1, systemMessage: )
[2014-May-06 12:35:46] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
[2014-May-06 12:35:46] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
[2014-May-06 12:35:46] RDP (0): ------ END ACTIVE CONNECTION ------
[2014-May-06 12:37:52] RDP (0): Application went into background
[2014-May-06 12:38:25] RDP (0): Application became foreground application
[2014-May-06 12:38:33] RDP (0): ----- BEGIN ACTIVE CONNECTION -----
[2014-May-06 12:38:33] RDP (0): client version: 8.0.5.24403 on iPad3,6 (iPhone OS 7.1.1)
[2014-May-06 12:38:33] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-May-06 12:38:34] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-May-06 12:38:34] RDP (0): Final rdp configuration used: {
activeUsername = "COPAN\\ataglietti";
arcTimeout = 1800;
cacheId = 75AFEF2AF318B941;
certificatesUseRedirectName = 1;
configurationVersion = 8;
font = 1;
gatewayId = 8CDC4B79F218B941;
gatewayMode = 2;
host = "SRVAPP.MYDOMAIN";
label = "DifettiProduzione_64bit";
loadBalanceInfo = "tsv://MS Terminal Services Plugin.1.QuickSessionCollection";
mouseMode = "-1";
port = 3389;
remoteProgram = "||DifettiProduzione_64bit";
remoteProgramArguments = "";
remoteProgramRail = 1;
temporary = 1;
type = rdp;
useAlt = 0;
utilityBar = "-1";
webFeedVersion = "Windows 2008 R2 or newer";
connections = (
30664B79F218B941,
37A6A77CF218B941,
EA3C467DF218B941,
2C11E07DF218B941,
EBE2767EF218B941,
26E3887FF218B941,
06F10D80F218B941,
3EAE9580F218B941,
7F340829F318B941,
1BBDAE29F318B941,
26A8452AF318B941,
75AFEF2AF318B941
host = "apps.mydomain.com";
id = 8CDC4B79F218B941;
port = 443;
temporary = 1;
type = rdp;
kCFProxyTypeKey = kCFProxyTypeNone;
[2014-May-06 12:38:34] RDP (0): --- BEGIN INTERFACE LIST ---
[2014-May-06 12:38:34] RDP (0): lo0 af=18 addr= netmask=
[2014-May-06 12:38:34] RDP (0): lo0 af=30 (AF_INET6) addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
[2014-May-06 12:38:34] RDP (0): lo0 af=2 (AF_INET) addr=127.0.0.1 netmask=255.0.0.0
[2014-May-06 12:38:34] RDP (0): lo0 af=30 (AF_INET6) addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
[2014-May-06 12:38:34] RDP (0): pdp_ip0 af=18 addr= netmask=
[2014-May-06 12:38:34] RDP (0): pdp_ip0 af=2 (AF_INET) addr=109.112.3.43 netmask=255.255.255.255
[2014-May-06 12:38:34] RDP (0): pdp_ip1 af=18 addr= netmask=
[2014-May-06 12:38:34] RDP (0): pdp_ip2 af=18 addr= netmask=
[2014-May-06 12:38:34] RDP (0): pdp_ip3 af=18 addr= netmask=
[2014-May-06 12:38:34] RDP (0): ap1 af=18 addr= netmask=
[2014-May-06 12:38:34] RDP (0): en0 af=18 addr= netmask=
[2014-May-06 12:38:34] RDP (0): en2 af=18 addr= netmask=
[2014-May-06 12:38:34] RDP (0): awdl0 af=18 addr= netmask=
[2014-May-06 12:38:34] RDP (0): --- END INTERFACE LIST ---
[2014-May-06 12:38:34] RDP (0): Not using any proxy
[2014-May-06 12:38:34] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-May-06 12:38:35] RDP (0): Resolved 'SRVAPP.MYDOMAIN' to 'ERROR: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.' using NameResolveMethod_Unknown(0)
[2014-May-06 12:38:35] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.(phase: 0, type: 0, reason: 0, systemCode: 0, systemMessage: )
[2014-May-06 12:38:35] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
[2014-May-06 12:38:35] RDP (0): Final rdp configuration used: {
activeUsername = "COPAN\\ataglietti";
arcTimeout = 1800;
cacheId = 75AFEF2AF318B941;
certificatesUseRedirectName = 1;
configurationVersion = 8;
font = 1;
gatewayId = 8CDC4B79F218B941;
gatewayMode = 2;
gwAutodetectState = kConnectionGwAutodectedForceGW;
host = "SRVAPP.MYDOMAIN";
label = "DifettiProduzione_64bit";
loadBalanceInfo = "tsv://MS Terminal Services Plugin.1.QuickSessionCollection";
mouseMode = "-1";
port = 3389;
remoteProgram = "||DifettiProduzione_64bit";
remoteProgramArguments = "";
remoteProgramRail = 1;
temporary = 1;
type = rdp;
useAlt = 0;
utilityBar = "-1";
webFeedVersion = "Windows 2008 R2 or newer";
THANKS FOR SUGGESTIONHi,
Thank you for posting in Windows Server Forum.
Please check that you have enable RD Web SSO and as you have buy RapidSSL wildcard certificate you need to see that certificate installed with its private key and also need to store the certificate under local computer personal store.
In addition check the group policy whether you added server name in “Allow Delegating Default Credentials” under below path.
Computer Configuration\Administrative Templates\System\Credentials Delegation
Please check below articles for details.
Remote Desktop Web Access single sign-on now easier to enable in Windows Server 2012
http://blogs.msdn.com/b/rds/archive/2012/06/25/remote-desktop-web-access-single-sign-on-now-easier-to-enable-in-windows-server-2012.aspx
Hope it helps!
Thanks.
Dharmesh Solanki -
HOW TO Developing an Authorization plug-in
#if defined (_WIN32)
#pragma warning(disable : 4996)
BOOL WINAPI DllMain(
HINSTANCE hinstDLL, // handle to DLL module
DWORD fdwReason, // reason for calling function
LPVOID lpReserved ) // reserved
return TRUE;
#endif
How to create here
/*----------------------------------------------------------------------------+
| ___ _ _ |
| / | | | | | |
| / /| | __| | ___ | |__ ___ |
| / /_| |/ _ |/ _ \| _ \ / _ \ |
| / ___ | (_| | (_) | |_) | __/ |
| /_/ |_|\__,_|\___/|____/ \___| |
| |
| |
| ADOBE CONFIDENTIAL |
| __________________ |
| |
| Copyright (c) 2003 - 2010, Adobe Systems Incorporated. |
| All rights reserved. |
| |
| NOTICE: All information contained herein is, and remains the property |
| of Adobe Systems Incorporated and its suppliers, if any. The intellectual |
| and technical concepts contained herein are proprietary to Adobe Systems |
| Incorporated and its suppliers and may be covered by U.S. and Foreign |
| Patents, patents in process, and are protected by trade secret or |
| copyright law. Dissemination of this information or reproduction of this |
| material is strictly forbidden unless prior written permission is |
| obtained from Adobe Systems Incorporated. |
| |
| Adobe Systems Incorporated 415.832.2000 |
| 601 Townsend Street 415.832.2020 fax |
| San Francisco, CA 94103 |
| |
+----------------------------------------------------------------------------*/
#include "StdAfx.h"
#include "FmsAuthAdaptor.h"
#include "FmsAuthActions.h"
#include "FmsMedia.h"
#include <stdio.h>
#include <fcntl.h>
#include <string.h>
#include "hash.h"
#include <sstream>
#if defined (_WIN32)
#pragma warning(disable : 4996)
BOOL WINAPI DllMain(
HINSTANCE hinstDLL, // handle to DLL module
DWORD fdwReason, // reason for calling function
LPVOID lpReserved ) // reserved
return TRUE;
#endif
// Flag to process SWF Verification in this auth sample. A real SWF file
// must be targeted in the SWFVerification code below for the example to work.
static const bool kAuthorizeSwfVerification = false;
class FmsAuthAdaptor : public IFmsAuthAdaptor
public:
FmsAuthAdaptor(IFmsAuthServerContext2* pFmsAuthServerContext)
: m_pFmsAuthServerContext(pFmsAuthServerContext) {}
virtual ~FmsAuthAdaptor() {}
void authorize(IFmsAuthEvent* pAev);
void notify(IFmsAuthEvent* pAev);
void getEvents(I32 aevBitAuth[], I32 aevBitNotf[], unsigned int count);
private:
bool getStats(I64 clientStatsHandle, FmsClientStats& baseStats);
void processStats(IFmsAuthEvent* pAev);
IFmsAuthServerContext2* m_pFmsAuthServerContext;
// Utils
// Note: Do not delete the return value. The return value is a buffer
// allocated in FMS memory space, and FMS will manage the memory.
static char* getStringField(const IFmsAuthEvent* pEv, IFmsAuthEvent::Field prop)
FmsVariant field;
if (pEv->getField(prop, field) == IFmsAuthEvent::S_SUCCESS && field.type == field.kString)
return reinterpret_cast<char*>(field.str);
return 0;
// Note: Do not delete the return value. The return value is a buffer
// allocated in FMS memory space, and FMS will manage the memory.
static U8* getBufferField(const IFmsAuthEvent* pEv, IFmsAuthEvent::Field prop)
FmsVariant field;
if (pEv->getField(prop, field) == IFmsAuthEvent::S_SUCCESS && field.type == field.kBuffer)
return field.buf;
return 0;
static bool getI8Field(const IFmsAuthEvent* pEv, IFmsAuthEvent::Field prop, I8& iValue)
FmsVariant field;
if (pEv->getField(prop, field) == IFmsAuthEvent::S_SUCCESS && field.type == field.kI8)
iValue = field.i8;
return true;
return false;
static bool getI32Field(const IFmsAuthEvent* pEv, IFmsAuthEvent::Field prop, I32& iValue)
FmsVariant field;
if (pEv->getField(prop, field) == IFmsAuthEvent::S_SUCCESS && field.type == field.kI32)
iValue = field.i32;
return true;
return false;
static bool getI64Field(const IFmsAuthEvent* pEv, IFmsAuthEvent::Field prop, I64& iValue)
FmsVariant field;
if (pEv->getField(prop, field) == IFmsAuthEvent::S_SUCCESS && field.type == field.kI64)
iValue = field.i64;
return true;
return false;
static bool getFloatField(const IFmsAuthEvent* pEv, IFmsAuthEvent::Field prop, float& fValue)
FmsVariant field;
if (pEv->getField(prop, field) == IFmsAuthEvent::S_SUCCESS && field.type == field.kFloat)
fValue = field.f;
return true;
return false;
static bool getU16Field(const IFmsAuthEvent* pEv, IFmsAuthEvent::Field prop, U16& iValue)
FmsVariant field;
if (pEv->getField(prop, field) == IFmsAuthEvent::S_SUCCESS && field.type == field.kU16)
iValue = field.u16;
return true;
return false;
static bool setStringField(IFmsAuthEvent* pEv, IFmsAuthEvent::Field prop, char* pValue)
FmsVariant field;
field.setString(reinterpret_cast<I8*>(pValue));
return pEv->setField(prop, field) == IFmsAuthEvent::S_SUCCESS;
static bool setI8Field(IFmsAuthEvent* pEv, IFmsAuthEvent::Field prop, I8 iValue)
FmsVariant field;
field.setI8(iValue);
return pEv->setField(prop, field) == IFmsAuthEvent::S_SUCCESS;
static bool setU8Field(IFmsAuthEvent* pEv, IFmsAuthEvent::Field prop, U8 iValue)
FmsVariant field;
field.setU8(iValue);
return pEv->setField(prop, field) == IFmsAuthEvent::S_SUCCESS;
static bool setI32Field(IFmsAuthEvent* pEv, IFmsAuthEvent::Field prop, I32 iValue)
FmsVariant field;
field.setI32(iValue);
return pEv->setField(prop, field) == IFmsAuthEvent::S_SUCCESS;
static bool setI64Field(IFmsAuthEvent* pEv, IFmsAuthEvent::Field prop, I64 iValue)
FmsVariant field;
field.setI64(iValue);
return pEv->setField(prop, field) == IFmsAuthEvent::S_SUCCESS;
static bool setFloatField(IFmsAuthEvent* pEv, IFmsAuthEvent::Field prop, float fValue)
FmsVariant field;
field.setFloat(fValue);
return pEv->setField(prop, field) == IFmsAuthEvent::S_SUCCESS;
static bool isADPCMSupported(int iAudioCodecs)
return (iAudioCodecs & SUPPORT_SND_ADPCM) != 0;
static bool isVP6Supported(int iVideoCodecs)
int iAllVP6 = ( SUPPORT_VID_VP6ALPHA | SUPPORT_VID_VP6 );
return (iVideoCodecs & iAllVP6) != 0;
static bool isService(int iType)
return (iType & TYPE_SERVICE) != 0;
static bool isAMF3(unsigned char uEncod)
return (uEncod == ENCODE_AMF3);
// This class will process all authorization events
class MyFmsAuthorizeEvent
public:
MyFmsAuthorizeEvent(IFmsAuthEvent* pAev, IFmsAuthServerContext2* pFmsAuthServerContext)
: m_pAev(pAev), m_pFmsAuthServerContext(pFmsAuthServerContext) {}
virtual ~MyFmsAuthorizeEvent() {}
void authorize();
private:
IFmsAuthEvent* m_pAev;
IFmsAuthServerContext2* m_pFmsAuthServerContext;
void MyFmsAuthorizeEvent::authorize()
bool bAuthorized = true; // default authorization state
switch(m_pAev->getType())
case IFmsAuthEvent::E_CONNECT:
// only E_CONNECT allows changes to the following fields:
// F_CLIENT_AUDIO_SAMPLE_ACCESS
// F_CLIENT_AUDIO_SAMPLE_ACCESS_LOCK
// F_CLIENT_READ_ACCESS
// F_CLIENT_READ_ACCESS_LOCK
// F_CLIENT_VIDEO_SAMPLE_ACCESS
// F_CLIENT_VIDEO_SAMPLE_ACCESS_LOCK
// F_CLIENT_WRITE_ACCESS_LOCK
// F_CLIENT_WRITE_ACCESS
I8 iValue;
if (getI8Field(m_pAev, IFmsAuthEvent::F_CLIENT_WRITE_ACCESS, iValue))
setI8Field(m_pAev, IFmsAuthEvent::F_CLIENT_WRITE_ACCESS, iValue);
// redirect connection example
char* pUri = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_URI);
if (pUri && !strcmp(pUri, "rtmp://localhost/streamtest"))
setStringField(m_pAev, IFmsAuthEvent::F_CLIENT_REDIRECT_URI,
"rtmp://localhost:1935/streamtest");
bAuthorized = false;
// set DiffServ fields based on a client IP
// char* pIp = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_IP);
// if (pIp && !strcmp(pIp, "192.168.1.1"))
// set the DSCP bits and mask
U8 m_diffServBits = 170;
U8 m_diffServMask = 252;
setU8Field(m_pAev, IFmsAuthEvent::F_CLIENT_DIFFSERV_BITS, m_diffServBits);
setU8Field(m_pAev, IFmsAuthEvent::F_CLIENT_DIFFSERV_MASK, m_diffServMask);
bAuthorized = true;
break;
case IFmsAuthEvent::E_PLAY:
char* pStreamName = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_NAME);
if (pStreamName)
setStringField(m_pAev, IFmsAuthEvent::F_STREAM_NAME, pStreamName);
char* pStreamType = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_TYPE);
if (pStreamType)
setStringField(m_pAev, IFmsAuthEvent::F_STREAM_TYPE, pStreamType);
char* pStreamQuery = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_QUERY);
if (pStreamQuery)
setStringField(m_pAev, IFmsAuthEvent::F_STREAM_QUERY, pStreamQuery);
I8 iValue;
if (getI8Field(m_pAev, IFmsAuthEvent::F_STREAM_RESET, iValue))
// If iValue is 1 (true) the playlist will be reset and the
// stream will be the only stream in the playlist; otherwise
// 0 (false) means the stream will be added to the existing
// playlist.
setI8Field(m_pAev, IFmsAuthEvent::F_STREAM_RESET, iValue);
if (getI8Field(m_pAev, IFmsAuthEvent::F_STREAM_IGNORE, iValue))
// If iValue is 1 (true) the stream timestamps will be ignored;
// otherwise 0 (false) means the timestamps will be handled.
setI8Field(m_pAev, IFmsAuthEvent::F_STREAM_IGNORE, iValue);
char* pStreamTransition = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_TRANSITION);
if (pStreamTransition && strlen(pStreamTransition))
// MBR transition example
if (!strcmp(pStreamTransition, "switch") ||
!strcmp(pStreamTransition, "swap"))
// get the old stream's properties
char* pOldStreamName = getStringField(m_pAev, IFmsAuthEvent::F_OLD_STREAM_NAME);
char* pOldStreamType = getStringField(m_pAev, IFmsAuthEvent::F_OLD_STREAM_TYPE);
char* pOldStreamQuery = getStringField(m_pAev, IFmsAuthEvent::F_OLD_STREAM_QUERY);
// if pOldStream is empty (optional for switch) current stream is in play
// do we really want stream transition?
// no we do not allow transition
// bAuthorized = false;
// now transition will be turned off and old stream continue playing
// break;
// doing nothing will execute transition mode as is
// or you could modify transition by changing transition properties
// set it to 1 to indicate they will be hooking up the stream,
// but that it does not currently exist
setI32Field(m_pAev, IFmsAuthEvent::F_STREAM_LIVE_PUBLISH_PENDING, 1);
// get the offset value if transition is set to offset mode for reconnect
if (!strcmp(pStreamTransition, "resume"))
float fValue;
if (getFloatField(m_pAev, IFmsAuthEvent::F_STREAM_OFFSET, fValue))
float offset = fValue; //offset value in seconds
else
// This is a regular play waiting for approval, which may be converted
// into a play2 command by changing transition properties
break;
case IFmsAuthEvent::E_PUBLISH:
char* pStreamName = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_NAME);
if (pStreamName)
setStringField(m_pAev, IFmsAuthEvent::F_STREAM_NAME, pStreamName);
char* pStreamType = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_TYPE);
if (pStreamType)
setStringField(m_pAev, IFmsAuthEvent::F_STREAM_TYPE, pStreamType);
I32 iValue;
if (getI32Field(m_pAev, IFmsAuthEvent::F_STREAM_PUBLISH_TYPE, iValue))
// publish types:
// 0 : record
// 1 : append
// 2 : appendWithGap
// -1 : live
setI32Field(m_pAev, IFmsAuthEvent::F_STREAM_PUBLISH_TYPE, iValue);
break;
case IFmsAuthEvent::E_FILENAME_TRANSFORM:
I64 iValue;
if (getI64Field(m_pAev, IFmsAuthEvent::F_CLIENT_ID, iValue))
// some fields are not eligible to be modified. The return
// value will be false when trying to modify the F_CLIENT_ID.
bool bSet = setI64Field(m_pAev, IFmsAuthEvent::F_CLIENT_ID, iValue);
char* pStreamName = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_NAME);
if (pStreamName)
// some fields are not eligible to be modified. The return
// value will be false when trying to modify the F_STREAM_NAME.
bool bSet = setStringField(m_pAev, IFmsAuthEvent::F_STREAM_NAME, pStreamName);
char* pStreamPath = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_PATH);
if (pStreamPath)
setStringField(m_pAev, IFmsAuthEvent::F_STREAM_PATH, pStreamPath);
char* pStreamType = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_TYPE);
if (pStreamType)
setStringField(m_pAev, IFmsAuthEvent::F_STREAM_TYPE, pStreamType);
break;
case IFmsAuthEvent::E_PAUSE:
bAuthorized = false; // block all E_PAUSE events.
float fValue;
if (getFloatField(m_pAev, IFmsAuthEvent::F_STREAM_PAUSE_TIME, fValue))
float fPauseTime = fValue; // in seconds
I8 iValue;
if (getI8Field(m_pAev, IFmsAuthEvent::F_STREAM_PAUSE, iValue))
// 1 (true) means PAUSE
// 0 (false) means UNPAUSE
bool boolPause = iValue != 0;
if (getI8Field(m_pAev, IFmsAuthEvent::F_STREAM_PAUSE_TOGGLE, iValue))
// 1 (true) means PAUSE_TOGGLE
// 0 (false) means no PAUSE_TOGGLE was set
bool boolPauseToggle = iValue != 0;
FmsVariant field;
// Notify Action example: An IFmsNofifyAction is created to notify
// server side action script (SSAS) of the E_PAUSE event by calling
// the function name "method" in the script. In this example two
// variables will be passed to "method" by calling addParam(field)
// on the action.
if (m_pAev->getField(IFmsAuthEvent::F_CLIENT_ID, field) == IFmsAuthEvent::S_SUCCESS)
I64 clientId = field.i64;
IFmsNotifyAction* pAction = m_pAev->addNotifyAction("Notified by adaptor");
pAction->setClientId(field);
const char mtd[] = "method";
field.setString(reinterpret_cast<I8*>(const_cast<char*>(mtd)));
pAction->setMethodName(field);
// create and insert a U16 "12345" as the first parameter
field.setU16(12345);
pAction->addParam(field);
// create and insert clientId as a double as the second parameter
field.setDouble((double)clientId);
pAction->addParam(field);
// Note: SSAS does not work with I64 or Buffer variants
// field.setI64(clientId);
// pAction->addParam(field); // incorrect
break;
case IFmsAuthEvent::E_SEEK:
bAuthorized = false; // block all E_SEEK events
float fValue;
if (getFloatField(m_pAev, IFmsAuthEvent::F_STREAM_SEEK_POSITION, fValue))
// Modification of the seek position example:
// fValue + 3; will add 3 seconds to the initial seek posistion
float fSeekTime = fValue; // value in seconds
setFloatField(m_pAev, IFmsAuthEvent::F_STREAM_SEEK_POSITION, fSeekTime);
break;
case IFmsAuthEvent::E_LOADSEGMENT:
// bAuthorized = false; // block all E_LOADSEGMENT events
// E_LOADSEGMENT is a read only event that substitutes E_PLAY on
// FMS Origin servers for recorded streams.
I64 iValue;
if (getI64Field(m_pAev, IFmsAuthEvent::F_SEGMENT_START, iValue))
I64 iStart = iValue; // in bytes
if (getI64Field(m_pAev, IFmsAuthEvent::F_SEGMENT_END, iValue))
I64 iEnd = iValue; // in bytes
break;
case IFmsAuthEvent::E_RECORD:
// bAuthorized = false; // block all E_RECORD events
float fValue;
if (getFloatField(m_pAev, IFmsAuthEvent::F_STREAM_RECORD_MAXSIZE, fValue))
float recMaxSize = fValue; // in kilobytes
setFloatField(m_pAev, IFmsAuthEvent::F_STREAM_RECORD_MAXSIZE, recMaxSize);
if (getFloatField(m_pAev, IFmsAuthEvent::F_STREAM_RECORD_MAXDURATION, fValue))
float recMaxDuration = fValue; // in seconds
setFloatField(m_pAev, IFmsAuthEvent::F_STREAM_RECORD_MAXDURATION, recMaxDuration);
break;
case IFmsAuthEvent::E_SWF_VERIFY:
// SWF Verification example:
// kAuthorizeSwfVerification is assigned false by default. The
// target SWF file must be updated for this to work.
if(kAuthorizeSwfVerification)
I8 swfvVersion = 0;
if(getI8Field(m_pAev, IFmsAuthEvent::F_CLIENT_SWFV_VERSION, swfvVersion))
std::stringstream stream;
stream << "Swf verification version is " << static_cast<int>(swfvVersion);
m_pFmsAuthServerContext->log(stream.str().c_str(), IFmsServerContext::kInformation, false);
I64 swfvDepth;
if(getI64Field(m_pAev, IFmsAuthEvent::F_CLIENT_SWFV_DEPTH, swfvDepth))
I32 swfvTTL;
if(getI32Field(m_pAev, IFmsAuthEvent::F_CLIENT_SWFV_TTL, swfvTTL))
swfvTTL /= 2;
setI32Field(m_pAev, IFmsAuthEvent::F_CLIENT_SWFV_TTL, swfvTTL);
U8 digest[kSHA256DigestLen];
// Target a real SWF file instead of sample.swf
hashSwfFileAtDepth("C:\\sample.swf", swfvDepth, digest);
FmsVariant field;
field.setBuffer(digest, kSHA256DigestLen);
m_pAev->setField(IFmsAuthEvent::F_CLIENT_SWFV_DIGEST, field);
break;
case IFmsAuthEvent::E_APPSTART:
case IFmsAuthEvent::E_APPSTOP:
case IFmsAuthEvent::E_DISCONNECT:
case IFmsAuthEvent::E_STOP:
case IFmsAuthEvent::E_UNPUBLISH:
case IFmsAuthEvent::E_ACTION:
case IFmsAuthEvent::E_CODEC_CHANGE:
case IFmsAuthEvent::E_RECORD_STOP:
case IFmsAuthEvent::E_CLIENT_PAUSE:
case IFmsAuthEvent::E_SWF_VERIFY_COMPLETE:
case IFmsAuthEvent::E_CLIENT_SEEK:
case IFmsAuthEvent::E_START_TRANSMIT:
case IFmsAuthEvent::E_STOP_TRANSMIT:
case IFmsAuthEvent::E_MAXEVENT:
break;
IFmsAuthServerContext2::AuthFailureDesc* desc = NULL;
if(!bAuthorized)
desc = new IFmsAuthServerContext2::AuthFailureDesc("Blocked by auth adaptor",
IFmsAuthServerContext2::kDefaultStatus, -1);
char buf[1024];
const char* const action = bAuthorized ? "approved" : "rejected";
sprintf(buf, "Received authorization type=%d id=%p %s\n", m_pAev->getType(),
m_pAev, action);
// log to the configured FMS log directory. If the third parameter is true,
// also send the log to the system event log.
m_pFmsAuthServerContext->log(buf, IFmsServerContext::kInformation, false);
m_pFmsAuthServerContext->onAuthorize(m_pAev, bAuthorized, desc);
delete desc;
class MyFmsNotifyEvent
public:
MyFmsNotifyEvent(IFmsAuthEvent* pAev, IFmsAuthServerContext2* pFmsAuthServerContext)
: m_pAev(pAev), m_pFmsAuthServerContext(pFmsAuthServerContext) {}
virtual ~MyFmsNotifyEvent() {}
void notify() const;
private:
IFmsAuthEvent* m_pAev;
IFmsAuthServerContext2* m_pFmsAuthServerContext;
void MyFmsNotifyEvent::notify() const
switch(m_pAev->getType())
case IFmsAuthEvent::E_PLAY:
char* pAppName = getStringField(m_pAev, IFmsAuthEvent::F_APP_NAME);
char* pAppInst = getStringField(m_pAev, IFmsAuthEvent::F_APP_INST);
char* pAppUri = getStringField(m_pAev, IFmsAuthEvent::F_APP_URI);
char* pClIp = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_IP);
char* pClUri = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_URI);
char* pClNewUri = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_REDIRECT_URI);
char* pClVhost = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_VHOST);
char* pClRef = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_REFERRER);
char* pClPurl = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_PAGE_URL);
char* pClAgent = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_USER_AGENT);
char* pClRAccess = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_READ_ACCESS);
char* pClWAccess = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_WRITE_ACCESS);
char* pClAudioAccess = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_AUDIO_SAMPLE_ACCESS);
char* pClVideoAccess = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_VIDEO_SAMPLE_ACCESS);
char* pClProto = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_PROTO);
char* pClUstem = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_URI_STEM);
char* pStreamName = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_NAME);
char* pStreamType = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_TYPE);
char* pStreamQuery = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_QUERY);
char* pStreamPath = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_PATH);
I32 iValue;
if (getI32Field(m_pAev, IFmsAuthEvent::F_CLIENT_AUDIO_CODECS, iValue))
bool bADPCM = isADPCMSupported(iValue);
if (getI32Field(m_pAev, IFmsAuthEvent::F_CLIENT_VIDEO_CODECS, iValue))
bool bVP6 = isVP6Supported(iValue);
if (getI32Field(m_pAev, IFmsAuthEvent::F_CLIENT_TYPE, iValue))
bool bService = isService(iValue);
if (getI32Field(m_pAev, IFmsAuthEvent::F_STREAM_ID, iValue))
I32 iStreamId = iValue;
float fValue;
if (getFloatField(m_pAev, IFmsAuthEvent::F_STREAM_LENGTH, fValue))
float fLength = fValue; // in seconds
if (getFloatField(m_pAev, IFmsAuthEvent::F_STREAM_POSITION, fValue))
float iPosition = fValue; // in seconds
I64 lValue;
if (getI64Field(m_pAev, IFmsAuthEvent::F_CLIENT_ID, lValue))
I64 iClientId = lValue;
I8 sValue;
if (getI8Field(m_pAev, IFmsAuthEvent::F_CLIENT_SECURE, sValue))
bool bSecure = sValue != 0;
if (getI8Field(m_pAev, IFmsAuthEvent::F_CLIENT_AMF_ENCODING, sValue))
bool bAMF3 = isAMF3(sValue);
if (getI8Field(m_pAev, IFmsAuthEvent::F_CLIENT_READ_ACCESS_LOCK, sValue))
bool bRead = sValue != 0;
if (getI8Field(m_pAev, IFmsAuthEvent::F_CLIENT_WRITE_ACCESS_LOCK, sValue))
bool bWrite = sValue != 0;
if (getI8Field(m_pAev, IFmsAuthEvent::F_CLIENT_AUDIO_SAMPLE_ACCESS_LOCK, sValue))
bool bAudioRead = sValue != 0;
if (getI8Field(m_pAev, IFmsAuthEvent::F_CLIENT_VIDEO_SAMPLE_ACCESS_LOCK, sValue))
bool bVideoRead = sValue != 0;
if (getI8Field(m_pAev, IFmsAuthEvent::F_STREAM_RESET, sValue))
bool bReset = sValue != 0;
if (getI8Field(m_pAev, IFmsAuthEvent::F_STREAM_IGNORE, sValue))
bool bIgnore = sValue != 0;
break;
case IFmsAuthEvent::E_SEEK:
float fValue;
if (getFloatField(m_pAev, IFmsAuthEvent::F_STREAM_SEEK_POSITION, fValue))
float fSeekTime = fValue;
// Disconnect Action example: disconnect the client that was
// specified by the E_SEEK notify event
FmsVariant field;
if (m_pAev->getField(IFmsAuthEvent::F_CLIENT_ID, field) == IFmsAuthEvent::S_SUCCESS)
IFmsDisconnectAction* pAction =
const_cast<IFmsAuthEvent*>(m_pAev)->
addDisconnectAction("Seek is not allowed. Blocked by adaptor");
pAction->setClientId(field);
break;
case IFmsAuthEvent::E_CODEC_CHANGE:
char* pAppName = getStringField(m_pAev, IFmsAuthEvent::F_APP_NAME);
char* pAppInst = getStringField(m_pAev, IFmsAuthEvent::F_APP_INST);
char* pAppUri = getStringField(m_pAev, IFmsAuthEvent::F_APP_URI);
char* pClIp = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_IP);
char* pClUri = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_URI);
char* pClNewUri = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_REDIRECT_URI);
char* pClVhost = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_VHOST);
char* pClRef = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_REFERRER);
char* pClPurl = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_PAGE_URL);
char* pClAgent = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_USER_AGENT);
char* pClRAccess = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_READ_ACCESS);
char* pClWAccess = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_WRITE_ACCESS);
char* pClAudioAccess = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_AUDIO_SAMPLE_ACCESS);
char* pClVideoAccess = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_VIDEO_SAMPLE_ACCESS);
char* pClProto = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_PROTO);
char* pClUstem = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_URI_STEM);
char* pStreamName = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_NAME);
char* pStreamType = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_TYPE);
char* pStreamQuery = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_QUERY);
char* pStreamPath = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_PATH);
U16 fType;
if (getU16Field(m_pAev, IFmsAuthEvent::F_STREAM_CODEC_TYPE, fType))
U16 streamCodecType = fType;
if (streamCodecType == kVIDEO_CODEC)
U16 fValue;
if (getU16Field(m_pAev, IFmsAuthEvent::F_STREAM_CODEC, fValue))
U16 streamCodecValue = fValue;
if (streamCodecValue == VIDEO_CODEC_SORENSON)
// Disconnect Action example: Disallow clients trying
// to publish content with the sorenson video codec.
FmsVariant field;
if (m_pAev->getField(IFmsAuthEvent::F_CLIENT_ID, field) == IFmsAuthEvent::S_SUCCESS)
IFmsDisconnectAction* pAction =
const_cast<IFmsAuthEvent*>(m_pAev)->
addDisconnectAction("Sorenson is not allowed. Blocked by adaptor");
pAction->setClientId(field);
break;
case IFmsAuthEvent::E_RECORD_STOP:
char* pAppName = getStringField(m_pAev, IFmsAuthEvent::F_APP_NAME);
char* pAppInst = getStringField(m_pAev, IFmsAuthEvent::F_APP_INST);
char* pAppUri = getStringField(m_pAev, IFmsAuthEvent::F_APP_URI);
char* pClIp = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_IP);
char* pClUri = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_URI);
char* pClNewUri = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_REDIRECT_URI);
char* pClVhost = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_VHOST);
char* pClRef = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_REFERRER);
char* pClPurl = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_PAGE_URL);
char* pClAgent = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_USER_AGENT);
char* pClRAccess = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_READ_ACCESS);
char* pClWAccess = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_WRITE_ACCESS);
char* pClAudioAccess = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_AUDIO_SAMPLE_ACCESS);
char* pClVideoAccess = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_VIDEO_SAMPLE_ACCESS);
char* pClProto = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_PROTO);
char* pClUstem = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_URI_STEM);
char* pStreamName = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_NAME);
char* pStreamType = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_TYPE);
char* pStreamQuery = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_QUERY);
char* pStreamPath = getStringField(m_pAev, IFmsAuthEvent::F_STREAM_PATH);
float fValue;
if (getFloatField(m_pAev, IFmsAuthEvent::F_STREAM_RECORD_MAXSIZE, fValue))
float recMaxSize = fValue; // in kilobytes
if (getFloatField(m_pAev, IFmsAuthEvent::F_STREAM_RECORD_MAXDURATION, fValue))
float recMaxDuration = fValue; // in seconds
break;
case IFmsAuthEvent::E_SWF_VERIFY_COMPLETE:
char* pClIp = getStringField(m_pAev, IFmsAuthEvent::F_CLIENT_IP);
I8 version; // version of SWF verification
getI8Field(m_pAev, IFmsAuthEvent::F_CLIENT_SWFV_VERSION, version);
I64 depth; // depth in the SWF file hashed
getI64Field(m_pAev, IFmsAuthEvent::F_CLIENT_SWFV_DEPTH, depth);
I32 ttl; // time to live of the SWF hash provided
getI32Field(m_pAev, IFmsAuthEvent::F_CLIENT_SWFV_TTL, ttl);
// digest provided to match against
U8* buffer = getBufferField(m_pAev, IFmsAuthEvent::F_CLIENT_SWFV_DIGEST);
// result of the attempted match-- see FmsAuthEvents.h enum
// eSWFMatch for the meaning of this field
I32 match;
getI32Field(m_pAev, IFmsAuthEvent::F_CLIENT_SWFV_RESULT, match);
std::stringstream stream;
stream << "swf verification for client: "
<< std::string(pClIp)
<< " is complete, the result is: " << match;
m_pFmsAuthServerContext->log(stream.str().c_str(), IFmsServerContext::kInformation, false);
break;
case IFmsAuthEvent::E_APPSTART:
case IFmsAuthEvent::E_APPSTOP:
case IFmsAuthEvent::E_CONNECT:
case IFmsAuthEvent::E_DISCONNECT:
case IFmsAuthEvent::E_FILENAME_TRANSFORM:
case IFmsAuthEvent::E_STOP:
case IFmsAuthEvent::E_PAUSE:
case IFmsAuthEvent::E_PUBLISH:
case IFmsAuthEvent::E_UNPUBLISH:
case IFmsAuthEvent::E_LOADSEGMENT:
case IFmsAuthEvent::E_ACTION:
case IFmsAuthEvent::E_RECORD:
case IFmsAuthEvent::E_CLIENT_PAUSE:
case IFmsAuthEvent::E_SWF_VERIFY:
case IFmsAuthEvent::E_CLIENT_SEEK:
case IFmsAuthEvent::E_START_TRANSMIT:
case IFmsAuthEvent::E_STOP_TRANSMIT:
case IFmsAuthEvent::E_MAXEVENT:
break;
char buf[1024];
sprintf(buf, "Received notification type=%d id=%p\n", m_pAev->getType(), m_pAev);
// log to the configured FMS log directory. If the third parameter is true,
// also send the log to the system event log.
m_pFmsAuthServerContext->log(buf, IFmsServerContext::kInformation, false);
m_pFmsAuthServerContext->onNotify(m_pAev);
/* All authorization events flow through this wrapper function.
* Note: This sample auth adaptor has MyFmsAppAuthEvent allocated on the
* stack, but time intensive implementations may warrant authorization to
* be allocated on the heap so work may be passed to a thread pool. This
* prevents starvation of the calling FMS threads in custom code that may
* have processing delays (ie database calls, network filesystem access, etc..).
void FmsAuthAdaptor::authorize(IFmsAuthEvent* pAev)
MyFmsAuthorizeEvent(pAev, m_pFmsAuthServerContext).authorize();
/* All notification events flow through this wrapper function.
* Note: This sample auth adaptor has MyFmsNotifyEvent allocated on the
* stack, but time intensive implementations may warrant notifications to
* be allocated on the heap so work may be passed to a thread pool. This
* prevents starvation of the calling FMS threads in custom code that may
* have processing delays (ie database calls, network filesystem access, etc..).
void FmsAuthAdaptor::notify(IFmsAuthEvent* pAev)
processStats(pAev);
MyFmsNotifyEvent(pAev, m_pFmsAuthServerContext).notify();
* Get client statistics.
bool FmsAuthAdaptor::getStats(I64 clientStatsHandle, FmsClientStats& baseStats)
bool bValue= m_pFmsAuthServerContext->getClientStats(clientStatsHandle, baseStats);
return bValue;
* Example obtainting client stats from an E_CONNECT or E_STOP event
void FmsAuthAdaptor::processStats(IFmsAuthEvent* pAev)
I64 statsHandle;
FmsClientStats baseStats;
if (!getI64Field(pAev, IFmsAuthEvent::F_CLIENT_STATS_HANDLE, statsHandle))
return;
char* pAppName = getStringField(pAev, IFmsAuthEvent::F_APP_NAME);
if (pAev->getType() == IFmsAuthEvent::E_CONNECT)
getStats(statsHandle, baseStats);
// log data
char buf[1024];
char hashKey[9];
memset(hashKey, 0, 9);
memcpy(hashKey, &statsHandle, sizeof(statsHandle));
sprintf(buf, "client Stats Handle= %s, bytes_in= %f, bytes_out= %f\n", hashKey,
static_cast<double>(baseStats.bytes_in), static_cast<double>(baseStats.bytes_out));
m_pFmsAuthServerContext->log(buf, IFmsServerContext::kInformation, false);
else if (pAev->getType() == IFmsAuthEvent::E_STOP)
getStats(statsHandle, baseStats);
/* By default, all authorization and notifications events will be sent.
* Call excludeEvents with the bit set to 1, to stop recieving events.
* Note: The events:
* E_APPSTART, E_APPSTOP, E_DISCONNECT, E_STOP, E_UNPUBLISH, E_CODEC_CHANGE
* are excluded by default and are not authorizable.
void FmsAuthAdaptor::getEvents(I32 aevBitAuth[], I32 aevBitNotf[], unsigned int count)
// exclude certain auth events
IFmsAuthEvent::EventType authExcludeEvent[] = { IFmsAuthEvent::E_SEEK };
// set E_SEEK to a non authorizable event
m_pFmsAuthServerContext->excludeEvents(aevBitAuth, count, authExcludeEvent, 1);
// Warning: if E_CODEC_CHANGE event is not excluded, all messages will be
// scanned to detect codec change. Subscribe to this event only as needed.
// Example that excludes certain notify events. (E_PAUSE, E_CODEC_CHANGE)
IFmsAuthEvent::EventType notifyExcludeEvent[] =
{ IFmsAuthEvent::E_PAUSE, IFmsAuthEvent::E_CODEC_CHANGE };
m_pFmsAuthServerContext->excludeEvents(aevBitNotf, count, notifyExcludeEvent, 2);
extern "C" void FCExport FmsCreateAuthAdaptor3(IFmsAuthServerContext2* pAuthServerCtx,
IFmsAuthAdaptor*& pFmsAuthAdaptor, U32& iVersion)
pFmsAuthAdaptor = new FmsAuthAdaptor(pAuthServerCtx);
U32 version = pAuthServerCtx->getVersion();
U16 w2 = LWORD(version);
U16 w1 = HWORD(version);
iVersion = MKLONG(INTERFACE_MINOR_VERSION, INTERFACE_MAJOR_VERSION);
char buf[1024];
char *ptr = buf;
int valueLen = pAuthServerCtx->getConfig("UserKey1", &ptr, sizeof(buf));
if (!valueLen)
valueLen = pAuthServerCtx->getConfig("UserKey2", &ptr, sizeof(buf));
if (!valueLen)
return;
if (valueLen < 0)
// failed to find this key
return;
if (valueLen < 0)
// failed to find this key
return;
// value length is bigger then the buffer size, and a real adaptor should
// allocate valueLen + 1 bytes and call again
extern "C" void FCExport FmsDestroyAuthAdaptor3(IFmsAuthAdaptor* pAuthAdaptor )
delete pAuthAdaptor;There is no API to Acrobat's document compare feature.
It is certainly possible for an experienced plug-in programmer to
create a new compare plug-in. For example, extract text from two PDFs
and compare it. Comparison algorithms have been much studied so should
be findable in academic literature.
Going beyond text comparison would be a major exercise.
Aandi Inston -
IOS SSL VPN WITH RADIUS Authorization
Hi
I'm trying to authenitcate and authorize the users loggining into SSLVPN via ACS and although the ACS loggs and "TEST" command on the router shw succeeful authentication i receive the flollowing debug
*Jun 6 22:39:50.157: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: SSLVPN i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 10.0.0.100:4346
Rack1R1(config)#
*Jun 6 22:40:09.409: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: SSLVPN i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 10.0.0.100:4357
Rack1R1(config)#
*Jun 6 22:40:21.409: WV-AAA: AAA authentication request sent for user: "SSLUSER"
*Jun 6 22:40:21.409: RADIUS/ENCODE(00000000):Orig. component type = INVALID
*Jun 6 22:40:21.409: RADIUS/ENCODE(00000000): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
*Jun 6 22:40:21.409: RADIUS(00000000): Config NAS IP: 150.1.1.1
*Jun 6 22:40:21.409: RADIUS(00000000): sending
*Jun 6 22:40:21.409: RADIUS(00000000): Send Access-Request to 10.0.0.100:1645 id 1645/27, len 60
*Jun 6 22:40:21.409: RADIUS: authenticator AC 16 B3 54 46 72 37 05 - 4C 00 19 21 81 97 40 6E
*Jun 6 22:40:21.409: RADIUS: User-Name [1] 16 "SSLUSER@SSLVPN"
Rack1R1(config)#
*Jun 6 22:40:21.409: RADIUS: User-Password [2] 18 *
*Jun 6 22:40:21.409: RADIUS: NAS-IP-Address [4] 6 150.1.1.1
*Jun 6 22:40:21.669: RADIUS: Received from id 1645/27 10.0.0.100:1645, Access-Accept, len 282
*Jun 6 22:40:21.669: RADIUS: authenticator 2D 2C B0 39 89 4C 41 88 - 40 32 E2 09 0D 7F 6B 0C
*Jun 6 22:40:21.669: RADIUS: Framed-IP-Address [8] 6 255.255.255.255
*Jun 6 22:40:21.669: RADIUS: Vendor, Cisco [26] 28
*Jun 6 22:40:21.669: RADIUS: Cisco AVpair [1] 22 "webvpn:svc-enabled=1"
*Jun 6 22:40:21.669: RADIUS: Vendor, Cisco [26] 29
*Jun 6 22:40:21.669: RADIUS: Cisco AVpair [1] 23 "webvpn:svc-required=1"
*Jun 6 22:40:21.669: RADIUS: Vendor, Cisco [26] 50
*Jun 6 22:40:21.669: RADIUS: Cisco AVpair [1] 44 "webvpn:split-include=6.6.6.0 255.255.255.0"
*Jun 6 22:40:21.669: RADIUS: Vendor, Cisco [26] 35
*Jun 6 22:40:21.669: RADIUS: Cisco AVpair [1] 29 "webvpn:keep-svc-installed=1"
*Jun 6 22:40:21.669: RADIUS: Vendor, Cisco [26] 31
*Jun 6 22:40:21.669: RADIUS: Cisco AVpair [1] 25 "webvpn:addr-pool=SSLVPN"
*Jun 6 22:40:21.669: RADIUS: Vendor, Cisco [26] 41
*Jun 6 22:40:21.669: RADIUS: Service-Type [6] 6 Outbound [5]
*Jun 6 22:40:21.669: RADIUS: Class [25] 36
*Jun 6 22:40:21.669: RADIUS: 43 41 43 53 3A 30 2F 34 37 30 2F 39 36 30 31 30 [CACS:0/470/96010]
*Jun 6 22:40:21.669: RADIUS: 31 30 31 2F 53 53 4C 55 53 45 52 40 53 53 4C 56 [101/SSLUSER@SSLV]
*Jun 6 22:40:21.669: RADIUS: 50 4E [PN]
*Jun 6 22:40:21.673: RADIUS(00000000): Received from id 1645/27
*Jun 6 22:40:21.673: RADIUS(00000000): Unique id not in use
Rack1R1(config)#
*Jun 6 22:40:21.673: RADIUS/DECODE(00000000): There is no RADIUS DB Some Radius attributes may not be stored
*Jun 6 22:40:21.673: AAA/AUTHOR (0x0): Pick method list 'RAD'
Rack1R1(config)#
*Jun 6 22:40:23.673: WV-AAA: AAA Authentication Failed!
Rack1R1(config)#
*Jun 6 22:40:24.069: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: SSLVPN i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 10.0.0.100:4359
Rack1R1(config)#
router Configuration
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Rack1R1
boot-start-marker
boot-end-marker
! card type command needed for slot/vwic-slot 0/1
logging message-counter syslog
enable password cisco
aaa new-model
aaa authentication login RAD group radius
aaa authorization network RAD group radius
aaa session-id common
dot11 syslog
ip source-route
ip cef
no ip domain lookup
ip domain name INE.com
ip host cisco.com 136.1.121.1
ip host www.cisco.com 136.1.121.1
ip host www.google.com 136.1.121.1
ip host www.ripe.net 136.1.121.1
no ipv6 cef
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-3354934498
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3354934498
revocation-check none
rsakeypair TP-self-signed-3354934498
crypto pki certificate chain TP-self-signed-3354934498
certificate self-signed 01
30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33333534 39333434 3938301E 170D3132 30363036 31333030
32375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33353439
33343439 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B1E5 889BEB9A 31DFC0D4 7C7F698F 0F52E404 0849263A BD443A96 13C6A440
DCBD4345 EF301E91 0D4AADD9 3C2A17F2 E26E5E96 90F96809 D8FCCF32 7EB58100
74E4772C 6395E03C 1B7F1AF5 482F861F DD62D079 F9977FE2 0E544E18 5FAAF290
DF665B45 EF10D3EC D924E87A 5F827F07 06DE8961 F361C3FA EDBE5F68 452221C8
B9570203 010001A3 6F306D30 0F060355 1D130101 FF040530 030101FF 301A0603
551D1104 13301182 0F526163 6B315231 2E494E45 2E636F6D 301F0603 551D2304
18301680 140B00B8 FD9B58CF 8A6F51BE 25DEC6C5 85E14495 05301D06 03551D0E
04160414 0B00B8FD 9B58CF8A 6F51BE25 DEC6C585 E1449505 300D0609 2A864886
F70D0101 04050003 81810006 4192E2DB ABAF533E 9C4BF24E DF6BFD45 144A6AE9
C874E311 27B23E7B E8DB18C3 4FFB4ACA 4B09F63E 62501578 D8F58D73 D08F016F
49C99B8D DA1073E5 A141C1C7 505BD191 FC58EA7F 54BD9B98 579E1726 7C1CA619
A45DDABC 8F315EE9 D20A30A8 2BD5D67D B744BD69 353B4670 E5BA4540 47059E60
9DC4C940 E91AACBB 4EAFFA
quit
username admin privilege 15 password 0 admin
username SSLUSER@SSLVPN password 0 cisco
archive
log config
hidekeys
crypto ipsec client ezvpn EZVPN_CLIENT
connect auto
mode client
xauth userid mode interactive
ip tcp synwait-time 5
interface Loopback0
ip address 150.1.1.1 255.255.255.0
interface Loopback6
ip address 6.6.6.6 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet0/1
no ip address
duplex auto
speed auto
interface FastEthernet0/1.11
encapsulation dot1Q 12
ip address 136.1.11.1 255.255.255.0
interface FastEthernet0/1.121
encapsulation dot1Q 121
ip address 136.1.121.1 255.255.255.0
interface FastEthernet0/0/0
interface FastEthernet0/0/1
interface FastEthernet0/0/2
interface FastEthernet0/0/3
interface Virtual-Template1 type tunnel
no ip address
tunnel mode ipsec ipv4
interface Vlan1
no ip address
router rip
version 2
passive-interface FastEthernet0/1.11
network 136.1.0.0
network 150.1.0.0
no auto-summary
ip local pool SSLVPN 40.0.0.1 40.0.0.254
ip forward-protocol nd
ip route 10.0.0.0 255.255.255.0 136.1.121.12
ip http server
ip http secure-server
ip dns server
ip access-list extended SPLIT
permit ip 136.1.11.0 0.0.0.255 10.0.0.0 0.0.0.255
ip radius source-interface Loopback0
radius-server host 10.0.0.100 auth-port 1645 acct-port 1646 key CISCO
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
line vty 0 4
password cisco
scheduler allocate 20000 1000
webvpn gateway SSLVPN
ip interface Loopback0 port 443
http-redirect port 80
ssl encryption rc4-md5
ssl trustpoint TP-self-signed-3354934498
logging enable
inservice
webvpn install svc flash:/webvpn/anyconnect-win-2.5.3055-k9.pkg sequence 1
webvpn context SSLVPN
title "**SSLVPN **"
ssl encryption rc4-md5
ssl authenticate verify all
aaa authentication list RAD
aaa authentication domain @SSLVPN
aaa authorization list RAD
gateway SSLVPN
inservice
end
Any Idea?Hi,
As I understand , you need to know if you can assign static ip to a user and also is there any other way of assiging a ip other than local pool.
There are three ways of assinging an ip address to VPN client: using local pool, AAA server,DHCP.
You can use the following link for more information:-
Assigning static ip for user present locally on ASA:-
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a7afb2.shtml
For user present on Active Directory:-
http://technet.microsoft.com/en-us/library/cc786213%28WS.10%29.aspx
The following is the link for assigning ip address using DHCP:-
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a66bc6.shtml
I hope it helps.
Thanks,
Shilpa -
Hi - Does someone know how to authorize a computer so it will play the songs you've bought from iTunes? I've wasted nearly two hours trying. It all began when I tried to remove a previously authorized computer which broke down years ago.
Step 1 - Log in with apple ID, go into account and click the deauthorize computers button (that's what they tell you to do if you can't connect the broken computer to deauthorize it). I managed that.
Result - Now it says I have no authorized computers. Fair enough. Except I'm trying to reauthorize the one and only working computer we own so it plays the music we've previously bought, and so we can use the iTunes store credit we still have.
Step 2 - Try and reauthorize the working computer - the one I'm typing on - it was authorized earlier today - until I had to unauthorize it to remove the defunct computer with that deauthorize all button.
Anyway the instructions to authorize/reauthorize a computer say, "Go to Store menu - then authorize this computer. " Sounds simple!
It's at this point I'm stuck - the instructions are insufficient for me.There are no links to redirect you to the correct place to authorize your computer. It just says to go to store and authorize this computer. When I press store it's connecting me to store but I can't find anything that says authorize this computer - I can just see album covers etc. On the right I can see our account but I can't find store menu or an authorize this computer button in that either. If I click on our account it says that we have no authorized devices or computers. I'm logged into our account with the correct apple ID - otherwise I wouldn't be able to read that we have no authorized computers would I? And I've logged in and out several times and tried to refresh the page.
Could someone please send me a link to the Store menu so I can click on the correct page then hopefully reauthorize our previously authorized computer. We are using Windows 7, but I don't know what version of itunes - it's a fairly recent version though.
I wish they would make removing and authorizing computers easier - can't they just put a button on the main screen or something?Ozfamily wrote:
Anyway the instructions to authorize/reauthorize a computer say, "Go to Store menu - then authorize this computer. " Sounds simple!
It's at this point I'm stuck - ...
If using iTunes 11... See this Discussion...
https://discussions.apple.com/thread/4631735?tstart=0 -
5760 v3.6 guest portal redirect to ISE
I'm testing a new set of 5760 controllers for a future production rollout, running software version 3.6. Our current production setup consists of older WISM-1 and 4402 controllers running CUWN 7.0. Our guest network has an anchor in the DMZ, redirecting to ISE.
In the recent thread (https://supportforums.cisco.com/discussion/12319151/3850-ise-guestportal-no-redirect-v-334), one of the posters said that guest redirection in 3.6 works similarly to redirection in CUWN, while in 3.3 it is very different. I found the documentation for 3.3 (http://www.cisco.com/c/en/us/support/docs/wireless/5700-series-wireless-lan-controllers/117717-config-wlc-00.html), which I have to say I don't like very much. However, I find the configuration and command reference guides for 3.6 are less than helpful on this point.
So the question I have is whether guest networking with an external redirect to ISE looks like the following in 3.6? Or does it work like CUWN, where the SSID is configured with layer 3 security? If it uses layer 3 security like CUWN, does anybody have a quick configuration sample for how it can work end to end in 3.6?
------ From the document http://www.cisco.com/c/en/us/support/docs/wireless/5700-series-wireless-lan-controllers/117717-config-wlc-00.html ---------
The flow includes these steps:
The user associates to the web authentication Service Set Identifier (SSID), which is in fact open+macfiltering and no Layer 3 security.
The user opens the browser.
The WLC redirects to the guest portal.
The user authenticates on the portal.
The ISE sends a RADIUS Change of Authorization (CoA - UDP Port 1700) in order to indicate to the controller that the user is valid, and eventually pushes RADIUS attributes such as the Access Control List (ACL).
The user is prompted to retry the original URL.I have a project with a 5760 running 3.6 working to a 5508 anchor controller in a DMZ.
I have web authentication working to an ISE OK.
Regards
Roger
Maybe you are looking for
-
How do I get to a access database to fill fields on a liveCycle form?
I have created a form using LiveCycle Designer and I want to fill in some of the fields on this form by acessing a Acess Database. I have looked on the internet, but have not found anything to help me with this issue. Is there any books or manuals th
-
Mac freezes, shows grey screen then starts back up
For the past two weeks I have had the issue of my iMac suddenly freezing for a few seconds and then it turns to a grey screen for a few more seconds before it starts back up on my user area. All programs get shut down (which is annoying as I do graph
-
How do I create a dataserver from MS Access
I did not see it in the document. Is it possible? Thanks.
-
What is yield() and when it is called
what is yield() and when it is called
-
What are the security aspects of using PHP with SAP; compared to either "in-house" technologies like BSP or Web Dynpro, or using a J2EE-based environment, based on Java? The biggest drawback of PHP seems to be in the security-related area. How does t