OCSP across domains - signing questions

Similar Messages

• SQL Server 2005 Analysis Services across domains

  Hi,
  With SQL Server 2000, the Enterprise Edition was required to access
  Analysis Services across domains.
  Is this also the case in SQL Server 2005, that the Enterprise Edition
  is needed?
  Thanks, S

  Silver,
  Do you still need help with this?
  Thank you!
  Ed Price, Power BI & SQL Server Customer Program Manager (Blog,
  Small Basic,
  Wiki Ninjas,
  Wiki)
  Answer an interesting question?
  Create a wiki article about it!

• Content Repository sharing across domains

  Hello,
  Is it possible to share a bea content repository across domains?
  Thanks,
  -- Anant

  Ok,
  But besides caching, would there be any other issues, like entitlements and delegated admin?
  If the content cache timeout were to be set to say 20 minutes, then at the most the content would be 20 minutes out of date. So then could you set up a repository in multiple domains, with one domain having the entitlements and delegated admin setup for publishing content and the other domains being read only?
  Thanks,
  -- Anant

• JMS Messaging Bridge ( communication across domains)

  Following is the Scenario
  We have 2 Weblogic domains, Domain A ( running on port 2000) and Domain B (running on port 3000)
  In Domain A I want to look up a Queue which is in Domain B and send a message on that that Queue.
  So the requirement is to send message from one domain to other domain ( i.e sending message across domains )
  I have read on forum that this is possible using JMS Messaging Bridge.Can any body please guide me or provide some sample code for this.
  Thanks in advance.
  Regards
  ~Yogesh

  Hi
  You can define the same queue in both domains.
  In domain A ( the source ) create the Origin of bridge
  In domain A too ( the source) create the destination of bridge ( pointing to address and port of domain B)
  In domain A create the bridge ( joining source and destination )
  In domain A , deploy the connector ... a .rar file
  Best Regards
  Jin
  PD: this doesn?t affect the code of your app.

• How do I enable "Access data sources across domains" in firefox?

  Couple of links do not work on my firefox however they work fine on IE. This is because the "Access data sources across domains" is enabled in IE and i am not sure on how to make this setting enable on Firefox as well.
  Please provide the steps to enable "Access data sources across domains" setting in Firefox.
  Please help!

  This should add the permanent exception:
  [https://support.mozilla.org/en-US/kb/connection-untrusted-error-message#w_bypassing-the-warning Connection Untrusted Error Message: Bypassing the Warning]
  However if it is not staying until the next time that the user opens up Firefox, is it possible that they are in permanent private browsing? [[Private Browsing - Browse the web without saving information about the sites you visit]] - that should have instructions to get in and out of it.

• Setting cookies across domains

  Hi there all,
  I'm posting this in desperation to be honest, don't think
  there is a cut'n'dried
  answer to this one.
  I've got a horrible situation, (don't ask why, it's far too
  complex and to
  be quite honest.. boring :) ).
  I'm trying to "mesh" together a classic .asp with an asp.NET
  site on 2
  separate domains.
  Basically I've got a page from the asp.NET site (eg.
  www.something.co.uk)
  displayed within an iframe on the .asp (eg
  www.another.co.uk). So far so
  good.
  I need to set a cookie on www.another.co.uk and be able to
  read it, or
  replicate it on www.something.co.uk. Because they are not
  sub-domains I can't
  set the cookie direct because of security restrictions.
  So, I thought I could pass a URL variable across to
  www.something.co.uk via
  the iframe URL, and then using javascript to read said URL
  variable and set
  a cookie on the www.something.co.uk domain. No go. Suspect
  there is yet
  again security restrictions to setting cookies across domains
  using iframe.
  So I'm kind of stuck. Can anybody suggest anything please,
  bearing in mind I
  have very limited control over the asp.NET
  (www.something.co.uk) site, so
  any solution I come up with needs to be using javascript.
  Major sized thanks in advance.
  @ndyB

  You could also pass the id as a hidden field in a form.
  Have the link call a JavaScript function. The JavaScript funcition could access the cookie and pull out the id. The function would then set a hidden field in a form to the id value and then Post the form to the secure server.
  The form would only have hidden fields so it could be tagged on the end of the HTML page and the user would never know it was there.

• Any plan to support tightly coupled transactions across domains?

  Hello,
  is there any plan to support tightly coupled XA transactions across domains?
  Our application has a few global transactions that span multiple domains. One domain updates a record in the Oracle DB. Later on in the same transaction the second domain retrieves the same record. But because of the loose coupling, the second domain cannot see the changes made by the first domain.
  Thanks...
  Roger
  PS: In some cases the second domain is actually a WLS domain. Because the loose coupling is a limitation of the Tuxedo Domain Gateway and WTC uses GWTDOMAIN, one could assume that once Tuxedo supports tightly coupled transactions across domains, WTC would also support it.

  Hi Roger,
  We don't have plans at the moment to solve this problem, although if it is a major problem for you, I suggest you contact Oracle support and ask them to enter an enhancement request. In general most customer have separate databases for each domain or application, thereby not normally running into this problem. Also, changing this in Tuxedo doesn't necessarily mean it would be changed in WLS as they use different transaction managers and the problem is more than a TDomain protocol issue. But generally when we make enhancements like this we try to keep GWTDOMAIN and WTC on par with one another.
  Regards,
  Todd Little
  Oracle Tuxedo Chief Architect

• Fix for Data across domains (need java servlet)

  Hi I can resolve accessing data across domains using php from
  info i found here:
  http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_16520&sliceId=1#proxy
  however php is not and option, i need to use java. how can i
  make a java file that does what this php does:
  <?php
  $dataURL = "
  http://targetdata.xml";
  //note that this will not follow redirects
  readfile($dataURL);
  ?>

  will this work if the PDF pages are already created?
  we are going to be provided about 300 already made PDF pages in which I need to do something like , put JSP or Java tags in a form field that will fill the form field with data that the tag queries for....

• Pulling data across domains

  Hello. I have hit a real deadend with this problem. I would
  appreciate some help.
  I have designed a website in Flash (
  http://www.clarkhulings.com).
  Under "Store" on the navigation bar, it contains a PayPal "View
  Cart" button that is not working. This is because the Flash does
  not allow direct access to data on the PayPal site. For security
  reasons, a Macromedia Flash movie playing in a web browser is not
  allowed to access data that resides outside the exact web domain
  from which the SWF originated. See
  http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_14213
  http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_16520
  I have created a crossdomain.xml file and added it to the
  webserver of clarkhuling.com. The file looks like this:
  <?xml version="1.0"?>
  <!DOCTYPE cross-domain-policy SYSTEM "
  http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
  <cross-domain-policy>
  <allow-access-from domain="*.paypal.com"
  secure="false"/>
  </cross-domain-policy>
  Because clarkhulings.com is not using SSL and PayPal is, I
  have used secure="false" in the code above.
  My Actionscript code that is attached to the View Cart
  button, looks like this:
  view_cart_btn.onRelease = function() {
  var paypal_lv:LoadVars = new LoadVars();
  paypal_lv.onLoad = function(p_success:Boolean) {
  if (p_success) {
  for (var i in this) {
  trace("PayPal Responce "+i+": "+this
  } else {
  trace("PayPal Responce: Error connecting to server.");
  paypal_lv.cmd = "_cart";
  paypal_lv.business = "[email protected]";
  paypal_lv.display = "1";
  paypal_lv.page_style = "hulings";
  paypal_lv.sendAndLoad("https://www.paypal.com/cgi-bin/webscr",
  paypal_lv, "POST");
  As you can see, by going to the website (
  http://www.clarkhulings.com),
  clicking "View Cart" under STORE does not work. What am I doing
  wrong? I would appreciate the help of more learned developers out
  there!
  You can download a copy of one of my FLA files at
  http://www.clarkhulings.com/gallery_affiliates.fla.zip

  الحمد لله
  thanks for Allah,
  and thans for Justin "Cartoon Smart" http://www.cartoonsmart.com/
  i fix this problem using the proxy file which he upload with the RSS Reader tutorial,
  http://www.cartoonsmart.com/rss_reader.html
  so, for any people who have the same problem which is called
  Loading data across domains
  here you are the solution,
  i used the proxy.php file
  just Note if you are using Flash Player 10, you must upload it in the root domain
  like :
  www.yourdomain.com/proxy.php
  Note that you don't need to make any modefications to this file at all, just upload it as it is
  then you point to it in the flash file or in the XML fle which you control the flash form it,
  im my case i control the flash form a xml file called controls.xml and i make variable to load rss feeds from a variable in it called LinkRss
  so in this file i must point to the feed using this way
  Code:
  LinkRss="http://www.yourdomain.com/proxy.php?url=http://rss.news.yahoo.com/rss/topstories"
  sure you will change yourdomain to be any domain name you are putting the flash in it,
  for example
  Code:
  LinkRss="http://www.cartoonsmart.com/proxy.php?url=http://rss.news.yahoo.com/rss/topstories"
  that's all,

• Share external jars across domains

  Hello, I'm wondering what is the best practice or suggestion to share 3rd party jars across domains in JCAPS 5.1.3.
  Thanks

  Thanks for your insight moonsit.
  Also, I would like to organize my dependencies into directories (i.e. localhost/is/lib/myPorject/ext/foo.jar and localhost/is/lib/myPorject/bar.jar) and I tried various bat file to set the classpath to my jar locations....could anyone help me point me to the right directions? Or is the intergration server administration config under jvm settings the right way to do it.
  --Thanks.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

• Domain architecture question if using multiple FMW products

  Hi,
  We are in the initial phases of setting up a WLS/FMW environment to replace our iAS 10.1.2 (forms and reports) and 10.1.3 (j2ee) environments. In addition to bringing over the in-house written applications we will be using the following FMW products - OBIEE, SOA/BPEL, and eventually Forms & Reports. Our question is what would be a good way to architect this environment?
  I initially installed WLS and then configured a domain. When I went to install and configure OBIEE 11.1.1.6 it would not let me extend the existing domain, so I created another domain for it. I haven't been able to find any documentation yet that indicated OBIEE must run in it's own domain, but is that what it is trying to tell us by not allowing us to extend an existing domain?
  Should we create a separate domain for each of the Oracle FMW products I mentioned above? That would require 3 domains if we were to put our in-house applications in to one of 3, but is that a good or a bad idea?
  I see some potential advantages to putting each in it's own domain, but one disadvantage would seem to be that we'd need 3 AdminServers which would also be using resources on the physical server. Would we need 3 node managers if we had 3 separate domains?
  I'm hoping someone else out there has had to create an environment similar to ours and may be able to provide some guidance here. Any advice would be appreciated.
  Thanks.

  Hi
  1. What you want is totally possible like have a single domain with all the stuff installed for atleast 3 products you mentioned like OBIEE, SOA/BPM, Forms/Reports etc.
  2. Lets take few steps back. Domain creation comes in the end. The first thing is installing each of the above products in the same middleware home or different middleware home.
  3. For any product from Oracle, Weblogic Server is the basic underlying application server. First you need to install this with the same version of soa/bpm, obiee that you plan to install on top of this. Once WLS is installed. Now install OBIEE on top of this. You can install SOA/BPM also on top of this same WLS. For OBIEE, you may need to first run RCU and have OBIEE shcemas ready. Because OBIEE simple installation will create a ready to use BI Domain also. Anyhow point is now on top of WLS you have 2 products installed like OBIEE and SOA/BPM.
  4. Now comes the Domain creation. Use config wizard, and create a domain. At this point, you will see all the options (Project Facets) for both the prouducts. If you choose, all soa/bpm modules and obiee modules, you will get a Single Domain with 1 AdminServer and different managed servers for soa/bpm and obiee. I know for soa/bpm, it creates soa_server1, bam_serve1 and for obiee it may have like bi_server1. If you really plan to have all in one domain, I would prefer create clusters like soa_cluster, bam_cluster, bi_cluster, forms_cluster etc. And in these clusters have corresponding managed servers. Then you can have these serves on same physical machine or across remote different physical machine. Only thing is, on all the machines you should have exact same version of wls and all products installed in the same folder structure.
  5. The advantage of having one domain is, you will have one single point of control for all admin stfuff and em stuff to control any product. Also if they interact with each other like soa calling bi reports, this may be little easy from single sign on etc and security configuration etc.
  6. But if you do not have any interaction between them, you can have separate installers like WLS+soa and WLS+biee on different machines. Now a days hardware machines are very cheap with best configuration like 16GB 4 cpu workstation you can get for $2k.
  I have on my side a single installation with WLS + SOA/BPM + OBIEE (all 11.5). Single RCU DB for all these schemas. Single Domain with all soa/bpm and obiee modules deployed ofcourse with different managed servers and 1 admin server. They are all running fine so far.
  Thanks
  Ravi Jegga

• High Availability Of Service Replicated Across Domains

  Hi,
  We have two Tuxedo application , one generate message and calls service of remote domain to send to another Tuxedo application(fix engine) which sends it to external world. There are two remote domains(individual means on separate nodes named SSGWBest and SSGWBoxt) which have the same service(OutFixEn) published of fix engine. We have done this for high availability scenario if one machine is not available or crashed then message can still be sent to external world.
  We are using Oracle Tuxedo, Version 10.3.0.0, 64-bit, Patch Level 095 on AIX 6.1 Power 7 machine. Following is snippet of domain configuration to show how service is published in local domain. SSWBest and SSGWBoxt site both publish service OutFixEn as local and remote(to point to another) sections.
  *DM_LOCAL_DOMAINS
  DEFAULT: SECURITY = NONE
  Dom1 GWGRP = LGWGRP
  TYPE = TDOMAIN
  DOMAINID = "PATDom1"
  DMTLOGDEV = "/appl/aer/a01/data/tcs_bancs//DMLOGDEVICE"
  DMTLOGNAME = "DMLOGDEVICE"
  *DM_REMOTE_DOMAINS
  Dom2 TYPE = TDOMAIN
  DOMAINID = "PATDom2"
  SSGWBest TYPE = TDOMAIN
  DOMAINID = "SSGWBest"
  SSGWBoxt TYPE = TDOMAIN
  DOMAINID = "SSGWBoxt"
  *DM_TDOMAIN
  # Local network addresses
  Dom1 NWADDR = "//uaix3017.unix.bank.nl:50708"
  # Remote network addresses
  Dom2 NWADDR = "//uaix3028.unix.bank.nl:50708"
  #SSG Machine1 Network Address
  SSGWBest NWADDR = "//uaix3021.unix.bank.nl:50708"
  #SSG Machine2 Network Address
  SSGWBoxt NWADDR = "//uaix3034.unix.bank.nl:50708"
  *DM_LOCAL_SERVICES
  sh_COETGETMESSG
  sh_COETPICXML
  sh_COETFLATFILE
  sh_COBTRPAIRMSG
  InpFixEnOC1
  InpFixEnOC2
  InpFixEn1
  InpFixEn2
  InpFixBrs
  InpFixIon
  InpFixRtrs
  InpMmtpEnDrv
  InpMmtpEnCash
  *DM_REMOTE_SERVICES
  sh_COETGETMESSG
  RACCESSPOINT=Dom2
  sh_COETPICXML
  RACCESSPOINT=Dom2
  sh_COETFLATFILE
  RACCESSPOINT=Dom2
  sh_COBTRPAIRMSG
  RACCESSPOINT=Dom2
  OutFixEn
  RACCESSPOINT=SSGWBest
  OutFixEn
  RACCESSPOINT=SSGWBoxt
  OutFixBrs
  RACCESSPOINT=SSGWBest
  OutFixIon
  RACCESSPOINT=SSGWBest
  OutFixRtrs
  RACCESSPOINT=SSGWBoxt
  OutMmtpEnDrv
  RACCESSPOINT=SSGWBest
  OutFixEnOC
  RACCESSPOINT=SSGWBoxt
  *DM_ROUTING
  We tried to test this scenario and started calling service OutFixEn from local domain and during this run we shutdown the tuxedo application server on SSWBoxt site so that OutFixEn was not available (To create service un-availability scenario). Our understanding was that all service calls only land on SSWBest site as domain will suspends this site for service availbility but it did not happen as first few service call failed with TPETIME (my assumption was it will fail through TPENOENT)and then service landing on SSGWBoxt were routed on SSGBest site.
  Based on this test scenario, i have following questions.
  1/ How to achieve routing of services to available domain with minimal service failures (means my only first one or two services fail and then application adjust to route service to available domain) ?
  2/ Is there any other better way to organize these services so that better load balancing and high availability can be ensured ?
  Regards,
  Ajeet Tewari

  Hi,
  It is possible to configure failover and load balancing as you suggest, but that won't solve the problem described. The issue is that the local domain gateway doesn't know the availability of the services in a remote domain. It decides to advertise imported services locally only based on the connection establishment policy (ON_STARTUP or ON_DEMAND), and not the actual state of the remote service. If the connection policy is ON_DEMAND, the service is always advertised locally and when a request arrives for that service, the domain gateway will establish a connection to the remote domain if one isn't present. If the connection policy is ON_STARTUP, the domain gateway won't start advertising the imported services locally until the connection is established. However, once the connection is established, it assumes the imported service is available at the remote domain.
  You have a couple of options here. One is to make sure the service is highly available on the domain, such that when a connection exists to the domain, the service will be available. The other alternative is to switch to an MP single domain configuration as the availability of a service across machines is known.
  Regards,
  Todd Little
  Oracle Tuxedo Chief Architect

• Iweb/Domain name question

  Hi,
  I am making my first Iweb site. I want to host the site through IWeb, but want to be sure I can use the simple domain name I own as the address, rather than a long www.mobileme.myname.domainname.com address. I see instructions involing setting up an alias on with the domain name provider, but wanted to ask around first.
  Also, do you know if I can host more than one website through Iweb.
  thanks for any and all help!
  I have sent these questions to Apple support, but no response yet. I gather the new Iphone is taking up a lot of their tech support time.
  Kim

  the url instantly changes and is long.
  This is the way CNAME pointing works with .Mac. If you like you can make things shorter by shortening the names you give your site and pages.
  Your "url", namely what people need to type to get to your site, is of course just the short version. What appears in the browser address bar is really irrelevant, but if it matters a lot to you, then you can undo everything you did for CNAME and switch to ordinary url forwarding/masking. With that, for every page on your site only www.myname.com will appear in the browser address bar for every page.

• Digital Signatures using JSONP across Domains

  Currently using Apex 3.2.1 through OHS. Not that that really matters in this instance, it would probably work the same in Apex 4.
  I have working code to digitally sign an apex web form. The user presses a "Digitally Sign" button on the page, and an ondemand process runs the pl/sql package to read in the required CGI variables and create a signature string (similar to what you may see on a digitally signed PDF file), then saves that string to the database to mark that form as being digitally signed.
  However, the web server that is running this code must be setup to require user certificates in order for this to work. Instead, what I would like to do is make a call to our login server which is already setup to require user certificates, and get the digital signature from there instead.
  So far, I have created a mod_plsql call on the login server which I can access via a URL to return the signature, but what I don't know how to do is call that URL from an Apex page on the normal server? From my research, I'm thinking this is going to need to use JSONP because it would require cross domain communication. Am I going in the right direction here? I don't know a thing about JSON, and I'm not sure where to start.
  Can anyone provide any guidance?
  Thanks,
  Kris

  Anybody have any guidance on how to handle this?
  Thanks!

• Active Directory Cached Domain Login question

  Hi all,
  I would like to seek assistance on the following scenario setup where I have 2 independent AD forest setup
  Production Forest #1 - Contoso
  Test Lab Forest #2 - Contoso
  Assuming both AD forests domain controllers are issued with Domain Controller Certs (to support smartcard login) from the same CA, and there exists a AD user acct - Mark in Production Forest #1 and this user is currently using a issued smartcard to perform
  AD login on desktop client #1
  Would it be possible to create a AD user acct - Mark in Test Lab Forest #2 and use the same issued production smartcard to perform AD login on laptop client #2 which is joined to Test Lab Forest #2? If not technically possible, why??? :(
  I am trying to find a solution where I can have the laptop clients support login using the issued production smartcard. The challenge here is not all the laptop clients site have access to the production domain controllers hence am thinking of building the
  Test Lab Forest #2 on another "server" laptop which provides a mobile means to allow the laptop clients to be joined to the Test Lab Forest and then supporting the issued production smartcard via domain cached login.

  So far I know the only requirement is that the UPN match and that the PKI is trusted (in NTAuth) in the forest, but I'm not a PKI expert. I suggest to ask this question in the security forum as well:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserversecurity
  Enfo Zipper
  Christoffer Andersson – Principal Advisor
  http://blogs.chrisse.se - Directory Services Blog