OSB 11G - Routing with policy and forwarding authentication headers
Hi there,
I'm having problems trying to add authentication to some services developed with OSB 11G.
One of the requirements is that the services authenticate using the "oracle/wss_username_token_service_policy" policy... So far so good...
My problem now is that one of the services I'm trying to route messages to needs the same authentication as the OSB router... I've tried everything I found but without any success... The headers aren't being propagated...
I've found out that the header variable has the Authentication segments so I can remove the routing, add a service callout and add the header variable to it.. But this is kind of a hammered solution...
Is there any other solution that I'm missing?
Thanks in advance,
Best Regards,
Daniel Alves
Edited by: 863416 on Sep 18, 2012 9:49 AM
Hi,
transporting header setting is described here
Yuan's SOA Blog: Retrieve and pass around http Authorization header with OSB
but something is missing: I have to set the proxy service Authentication to Basic. But then OSB authenticates the inbound request at local scope, and I want to authenticate at the called web service level. How to do that?
Similar Messages
-
Oracle Forms 11g SSO with OID and IAM
What versions of OID and Access Manager are required to get an Oracle Forms and Reports 11.1.1.2 application
on Weblogic 10.3.2 configured for Oracle SSO using OID authentication?
We want the OID to store and authenticate Users for username and password logins to the database, then
ultimately by user Certificate authentication in OID. I have OID 11.1.1.2 installed and SSO enabled for Forms
in Enterprise Manager.
Is Access Manager required for Forms SSO with OID authentication to work or just to allow user interaction
for registration and Password reset?
Things mention OAM 10.4.3 and others talk about IAM 11g for Forms 11.1.1.2 SSO to work with OID.
We did this back in Oracle Forms and OID 10g with JSP and LDAP to setup users but I understand 11g is
different and IAM can help or is required for this type of SSO to work.
Any help?
Edited by: Kirch on Apr 30, 2013 7:39 AM
Hi,
According to Oracle's certification matrix found at http://www.oracle.com/technetwork/middleware/downloads/fmw-11gr1certmatrix.xls, Oracle Forms 11.1.1.2 is not supported to use any Oracle Access Manager (OAM) version. OAM is a component of IAM. It is only supported with Oracle SSO 10.1.4.x. The best solution would be to upgrade the Forms and Reports environment to either 11gR2 (11.1.2.1) or to the latest 11gR1 patchset 11.1.1.7. Both versions are compatible with OAM 11.1.1.7.0 and OID 11.1.1.7.0 where only Forms 11gR2 (11.1.2.1) is compatible with OAM 11.1.2.0 and OID 11.1.1.7.0. That would be the best solution as we have run into configuration problems in the past with using Oracle SSO 10.1.4.x.
Since OID 11.1.1.2.0 is already installed, you should be able to patch it up to 11.1.1.7.0.
For user authentication in OID, it is required to have OAM or Oracle SSO as both products use WebGate or mod_osso agents for authentication and authorization. For purposes of allowing end users to register accounts and password reset, you will either need to also install another IAM component called Oracle Identity Manager (OIM) or create a customized SSO login page that can be coded to perform these actions. I believe there are some examples available on the Internet.
Thanks,
Scott
http://pitss.com/us -
OSB 11g - Issue with namespace prefix
Hi,
I have a requirement that, whenever I call my target system through a business service, the prefix for a namespace should always be 's'.
I added namespace as -
s : http://www.starstandards.org/STAR
When I create request message before calling the Business service, the prefix is -
star:http://www.starstandards.org/STAR
In OSB 11g, can we control prefix for a namespace?
Thanks in Advance
Disable "Use Chunked Streaming Mode" property in business service configuration and test again. By default, this setting remains enabled.
Regards,
Anuj -
Routing with Maps and Contacts
Before 1.1.3 update, I was able to select an address from a contact and use it as source or destination. After installing the 1.1.3 update, nothing gets selected from the contacts while routing with maps.
Yep...it's a glitch of some sort. Go into your contacts and edit the address. Then, select the country from the scroll menu. That should fix it up. Major pain though to do that with every contact for which you have an address.
-
Set up new router with DSL and vonage
I have a dsl modem and also vonage. How do I set up a wireless router with the other two devices? Do I plug the router into the vonage, which is then going to the dsl modem?
Mac Migration and Time Machine DO NOT WORK with Cloud program activations due to hidden files
Sign out of your account... Uninstall... run the Cleaner...
-Restart your computer... Sign in to your account... Reinstall
-using the cleaner after uninstalling and before reinstalling is needed
-http://helpx.adobe.com/creative-cloud/help/install-apps.html (and uninstall)
-http://helpx.adobe.com/creative-suite/kb/cs5-cleaner-tool-installation-problems.html -
Cisco aironet 1040: create wireless with wpa2 and mac authentication
Hi,
I created a wireless network setting "Open Authentication" and setting a wpa2 key: everything works.
I would also add the filter mac address and then next to Open Authentication I selected "with mac authentication" but I can not connect. The list of mac is specified in the "Advanced Security".
Can anyone help me? thanks
ap#show configuration
Using 2085 out of 32768 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap
logging rate-limit console 9
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 syslog
dot11 ssid Svez
 authentication open mac-address mac_methods
 authentication key-management wpa version 2
username 00907a0f2a55 password 7 1249554E425C0D542C79257D66
username 00907a0f2a55 autocommand exit
username administrator privilege 15 password 7 033449040A0620425A0D15564F42
username 0025d3db778b password 7 055B565D74481D0D1B52404A09
username 0025d3db778b autocommand exit
bridge irb
interface Dot11Radio0
 no ip address
 no ip route-cache
 encryption mode ciphers tkip
 ssid Svez
 antenna gain 0
 station-role root
 world-mode legacy
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 no keepalive
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
interface BVI1
 ip address dhcp client-id GigabitEthernet0
 no ip route-cache
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 0 4
end
ap# -
WLC Flexconnect with AAA and MAC authentication
hi,
I am having a Cisco WLC with 7.4.121 version, and I am having remote side access points to be connected to this controller, and the remote access points will have a different VLAN on the remote side itself.
My question is: I am having RADIUS authentication for the clients who are all connecting from all the access points, and MAC filtering also.
My RADIUS server is placed in the HQ where we have the WLC. Which method of FlexConnect switching will give me both AAA and MAC filter options to be working?
One more question:
Is it possible to make each AP separate MAC filters on the WLC?
thanks
cyril
If you are planning on doing machine authentication, i.e. authentication of the machine with username and password by the AAA server, then this is possible using FlexConnect local switching enabled, provided you have your AAA server accessible via the local VLAN at the remote site.
In case you are planning on doing MAC filtering using the WLC and username/password authentication using the AAA server, then this cannot be achieved when you enable FlexConnect local switching, as you do not get an option to configure the MAC filtering on FlexConnect groups. Hence you would need to use central authentication.
Actually the best option for you is that you either deploy a local site AAA server and do both the authentications via your RADIUS server, or use central authentication with FlexConnect APs in case this is not feasible.
Hope this clears your doubts!!!
Note: Please do not forget to rate and accept as solution incase the post is valid. -
Dynamic Routing with VPN and multiple Peers
I have several sites that connect to my primary host site (ASA5525-X) via LAN to LAN tunnels and currently all internal host routing is static. I need to implement a backup host site (ASA5520) for the remote sites to connect to. I know that I can add additional peers on each remote site for the host sites. However, I need to be able to do dynamic routing, so that it does not matter which site they are connected to; the internal networks will learn where to route the traffic. I am running OSPF on my internal networks at both Primary and Backup host sites and they have an internal connection between the two sites.
Is there a way to accomplish this on the ASAs?
Thanks,
Doug
To make perhaps my question a little more clear, this is an example of how I would like the result to look
http://www.latitudes.co.uk/dept_search_pages/search_provence.php
where the labels with the checkboxes are retrieved from the 'category' table and when one or more boxes are ticked, the corresponding values are used to make the selection in the WHERE statement in the MySQL query.
Hope someone can help me out.
Erik -
Hi all if I have 4 routers all on 172.16.1.0, 172.16.2.0, 172.16.3.0, 172.16.4.0, If I use rip on each one, will it advertise 172.16.0.0 as its classful, and would this cause probs with routing ?
By default, RIP and EIGRP will Auto-summarize to classful boundaries. And without further configuration, or a sample physical drawing, could cause problems as each of these networks falls into 172.16.0.0 255.255.0.0 Class-B summary.
-
SMTP with STARTTLS and/or Authentication
Hello,
I'm having trouble with an smtp sender.
I tried both setting authentication and/or starttls, but:
- authentication seems not to be issued if normal smtp is selected, even though I see the call on my Authenticator: the smtp server complains about no authentication.
- starttls seems not to be issued, as the SSL package complains about a non ssl stream:
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]
DEBUG SMTP: useEhlo true, useAuth true
getPasswordAuthentication: ******** / ********
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "sendm.pec.sonicle.com", port 25, isSSL false
DEBUG SMTP: exception reading response: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
Here isSSL is false, because I want to use starttls instead of smtps, and the ssl stack complains...as if starttls was not issued.
Session debugging never shows commands about starttls nor authentication.
As you can see from the code below, I need a separate Session with its own properties, because I may have more than one relay class running in the same VM, working with different smtp servers and different options.
Notice also that I run a Transport manually, call connect with no arguments, as they will all be found in properties and from the Authenticator.
The class is to be setup its public properties just after instantiation, then call initialize() to setup its session instance.
Then you can call its createMessage(InputStream data) to create a msg from, e.g., an eml file.
Or you can create the MimeMessage yourself, but beware to use the same session as the Relay on creation.
Finally run sendMessage(MimeMessage msg) to send it.
Where is my error?
Here is my code:
import java.io.InputStream;
import java.util.*;
import javax.mail.*;
import javax.mail.internet.*;

/**
 * @author gbulfon
 */
public class Relay extends Authenticator {

    public String sender;
    public String host;
    public int port=25;
    public String protocol="smtp";
    public boolean ssl=false;
    public String username;
    public String password;

    Properties props;
    Session session;

    public void initialize() {
        System.out.println("relay "+host+" uses "+protocol);
        props=(Properties)System.getProperties().clone();
        props.setProperty("mail."+protocol+".host", host);
        props.setProperty("mail."+protocol+".port", ""+port);
        if (ssl && protocol.equals("smtp")) {
            // ask for STARTTLS on the plain smtp connection
            props.put("mail.smtp.starttls.enable","true");
            // the three socketFactory settings (commented out in the follow-up below)
            props.put("mail.smtp.socketFactory.port", port);
            props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
            props.put("mail.smtp.socketFactory.fallback", "false");
        }
        if (username!=null) {
            System.out.println("relay "+host+" is authenticated as "+username);
            props.setProperty("mail."+protocol+".auth", "true");
        }
        // separate Session per relay, with this object as its Authenticator
        session=javax.mail.Session.getInstance(props,this);
        session.setDebug(true);
    }

    public Session getSession() {
        return session;
    }

    @Override
    protected PasswordAuthentication getPasswordAuthentication() {
        System.out.println("getPasswordAuthentication: "+username+" / "+password);
        return new PasswordAuthentication(username,password);
    }

    public void sendMessage(MimeMessage msg) throws MessagingException {
        Transport transport=session.getTransport(protocol);
        transport.connect();
        transport.sendMessage(msg, msg.getAllRecipients());
        transport.close();
    }

    public MimeMessage createMessage(InputStream data) throws AddressException, MessagingException {
        MimeMessage msg=new MimeMessage(session, data);
        return msg;
    }
}

Thanks so much! And sorry for the CODE.......
Anyway I just discovered minutes ago that taking out three lines was going great:

        if (ssl && protocol.equals("smtp")) {
            props.put("mail.smtp.starttls.enable","true");
            //props.put("mail.smtp.socketFactory.port", port);
            //props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
            //props.put("mail.smtp.socketFactory.fallback", "false");
        }

just commented out those 3 lines, now it works ;))) -
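Added example (not part of the original posts and not JavaMail code): a JDK-only demonstration of why the socketFactory settings in the thread above produced an SSLException on port 25, next to the plaintext EHLO check that STARTTLS depends on. The loopback server, the example.test host names and the class name are constructed for the illustration.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.*;
public class StarttlsVsImplicitTls {
    static byte[] ascii(String s) { return s.getBytes(StandardCharsets.US_ASCII); }
    static BufferedReader reader(Socket s) throws IOException {
        return new BufferedReader(new InputStreamReader(s.getInputStream(), StandardCharsets.US_ASCII));
    }

    // Constructed stand-in for a port-25 listener: plaintext greeting, STARTTLS listed after EHLO.
    static ServerSocket startFakeSmtp() throws IOException {
        ServerSocket server = new ServerSocket(0, 10, InetAddress.getLoopbackAddress());
        Thread t = new Thread(() -> {
            while (!server.isClosed()) {
                try (Socket s = server.accept()) {
                    s.getOutputStream().write(ascii("220 mail.example.test ESMTP\r\n"));
                    BufferedReader in = reader(s);
                    // Keep reading until the client hangs up, answering only EHLO.
                    for (String l = in.readLine(); l != null; l = in.readLine())
                        if (l.startsWith("EHLO"))
                            s.getOutputStream().write(ascii("250-mail.example.test\r\n250-STARTTLS\r\n250 AUTH PLAIN LOGIN\r\n"));
                } catch (IOException ignored) { /* client aborted or server closed */ }
            }
        });
        t.setDaemon(true);
        t.start();
        return server;
    }

    // What an SSLSocketFactory does on a plaintext port: the "220 ..." greeting is parsed as a TLS record.
    static String tryImplicitTls(int port) {
        try (Socket s = SSLSocketFactory.getDefault().createSocket(InetAddress.getLoopbackAddress(), port)) {
            s.setSoTimeout(3000);
            ((SSLSocket) s).startHandshake();
            return "handshake completed";
        } catch (IOException e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    // What STARTTLS needs first: a plaintext EHLO whose multi-line 250 reply lists the STARTTLS keyword.
    static boolean starttlsAdvertised(int port) throws IOException {
        try (Socket s = new Socket(InetAddress.getLoopbackAddress(), port)) {
            s.setSoTimeout(3000);
            BufferedReader in = reader(s);
            String banner = in.readLine();
            if (banner == null || !banner.startsWith("220")) throw new IOException("unexpected greeting: " + banner);
            s.getOutputStream().write(ascii("EHLO client.example.test\r\n"));
            boolean offered = false;
            for (String line = in.readLine(); line != null && line.length() >= 4; line = in.readLine()) {
                if (line.substring(4).trim().equalsIgnoreCase("STARTTLS")) offered = true;
                if (line.charAt(3) == ' ') break; // "250 " with a space marks the last reply line
            }
            return offered;
        }
    }

    public static void main(String[] args) throws IOException {
        try (ServerSocket server = startFakeSmtp()) {
            System.out.println("SSL socket on plaintext port: " + tryImplicitTls(server.getLocalPort()));
            if (!starttlsAdvertised(server.getLocalPort())) throw new IOException("no STARTTLS offered, not sending credentials");
            System.out.println("STARTTLS advertised: upgrade the socket first, then AUTH");
        }
    }
}
```

In JavaMail terms, `mail.smtp.starttls.enable` on its own selects the second path; also setting `mail.smtp.starttls.required` to `true` makes the connect fail instead of continuing in clear text when the server does not offer STARTTLS.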
Configure a Cisco router with Username and Password.
Hello Guys,
Am quite new in Cisco and I need to configure an 891 Cisco router. Can someone please show me step by step configuration commands for configuring Username and Secret Password? I would like the router to ask for "Username" and "Password" anytime I want to log in to the router through telnet. I also want to know if I have to erase the default configurations on the router first, before I start the configuration, and how it should be done in order not to lose the router while working on it. Thanks for your usual quick responses.
Regards,
Eben.
Hello Eben,
Peter has suggested to use SSH because of the fact that telnet data is sent in clear text, so someone with the right tools could easily find your password and your device could/would be compromised. It is security best practice. SSH is encrypted.
Technically speaking you do not need to change the hostname / domain name. But majority of Cisco documentation follow this method.
In case you are interested on how to do this without change... see below.
Router(config)#
Router(config)#crypto key generate rsa modulus 1024
% Please define a hostname other than Router.
Router(config)#crypto key generate rsa modulus 1024 label CISCO
The name for the keys will be: CISCO
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Router(config)#
*Jul 11 13:27:51.431: %SSH-5-ENABLED: SSH 1.99 has been enabled
Router(config)#
The normal cases just as shown in Cisco documentation, the parser (without a label on the crypto key) would force us to change the hostname, create a domain name. I think the domain name is there to put a label on the keys.
Router(config)#crypto key generate rsa general-keys modulus 1024
% Please define a hostname other than Router.
Router(config)#crypto key generate rsa
% Please define a hostname other than Router.
Router(config)#hos
Router(config)#hostname ISR
lexnetISR(config)#crypto key generate rsa general-keys modulus 1024
% Please define a domain-name first.
ISR(config)#ip domain name net.com
ISR(config)#exit
ISR(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: ISR.net.com
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK] -
Need Fastest Built in router with wireless and no problems
I have tried the WRT110 and 160 it seems the 310 or even the 350 are slow to my previous Wired lan. Problem is I am transferring files using the Wired portion of the WRT series and no using the Wireless. So in theory it should be quite fast but they are like 35+ % slower than my 8 port DSL router of 8 yr old. Any advise?
Try disabling the firewall & antivirus on the wired computer ... See if the file transfer works or not ...
-
OBIEE 11g SSO using OAM and AD (authentication provider)
Hi
I am authenticating my OBIEE users thru Microsoft Active Directory and it works fine.
I would like to set up sso, so as to achieve seamless navigation from my Peoplesoft system to OBIEE.
If anyone has done this before, then could you point me to some reference material. I am not able to find any online.
Thanks
Madhu
I believe you can integrate PeopleSoft in the same way we have done it for EBS.
Follow the link below. It will help you.
https://kr.forums.oracle.com/forums/thread.jspa?threadID=645740
Thanks
Jay. -
Replace old router with WRT110 and now I can not see shared printer on network
Replaced a BEFW11S4 with a WRT110. Now I can not see a shared printer on the network any more. I have not changed anything on the computer that has the printer shared. I can see the internet on all the computers, but not the shared printer. can you help?
First, what you need to check is whether your printer is working Offline on your computer. In this case you need to re-map your printer on your computers again. First check if you have any firewall or antivirus installed on your computer; try to disable it and check if you are able to print from your computer. If not, then try to remap the printer on your computer.
Go to Network connections window and if you are able to see your computer name on which the printer is installed, then right click on the Printer and click on "Connect" or "MAP" once done you will be able to print from your computer.
Note down the IP address of the computer on which you have installed the printer. (Click on Start - Run - CMD and click OK; now in the command prompt type "ipconfig" and note down the IP address.) Then go to your other computer and click on Start - Run - CMD and click OK, and now in the command prompt type "ping (IP address of your main computer)" and hit Enter and check if you are getting any replies. If yes, then again click on Start - Run - type (\\ip address of your main computer) and click OK, and now you will be able to see your printer name; then right click on it and click on "Connect" or "Map". Once done, check if you are able to print from your computer. -
Mail shows all header with reply and forward
When I reply or forward a mail, the complete mail header is shown. How can I turn this off, because I don't see the complete mail header when
the mail is shown.
Hi Patrick. It looks like this question has been asked before and there is a simple solution (changing the preferences in the "Viewing" tab of mail). Check out this related discussion:
https://discussions.apple.com/thread/3476487
Hope that helps.
Ivan