Problem: client auth from JSSE client with OpenSSL server

I tried to connect a JSSE client to an OpenSSL server with clientAuth.
This is what I did:
Using the openssl req command, I created an X509 certificate for the server and imported it into the Java keystore.
The communication works fine without client authentication.
To enable client auth, I created a client private/public key pair using keytool, exported the public key to a file client.public, and used it in the OpenSSL server.
This is how I invoke the client:
java
-Djavax.net.debug=all
-Djavax.net.ssl.trustStore=cacerts
-Djavax.net.ssl.trustStorePassword=changeit
-Djavax.net.private -Djavax.net.ssl.keyStorePassword=password EchoClient
After which I get the following error in the server:
SSL3 alert write:fatal:handshake failure
SSL_accept:error in SSLv3 read client certificate B
SSL_accept:error in SSLv3 read client certificate B
ERROR
17246:error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate:s3_srvr.c:1666:
shutting down SSL
CONNECTION CLOSED
The client debug says it is receiving a certificate request. What could be the problem? Can anybody help?

I also have that problem. I was trying to configure SSL in Apache on a Win XP machine, but this error occurs. Is there anyone who can help with it?
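
The following is an added example, not part of the original posts: a small Java check that can be run with the same javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword properties as the client, and reports whether JSSE has a private-key entry it could present when the server sends a certificate request. The class name ClientCertCheck and the use of command-line arguments for the CA names the server advertises are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;

// Added example: ClientCertCheck is a hypothetical helper, not code from the thread.
public class ClientCertCheck {
    public static void main(String[] args) throws Exception {
        // Read the same properties the default JSSE SSLContext reads.
        String path = System.getProperty("javax.net.ssl.keyStore");
        String pass = System.getProperty("javax.net.ssl.keyStorePassword", "");
        if (path == null) {
            System.out.println("javax.net.ssl.keyStore is not set: the default "
                + "SSLContext has no client key, so no certificate can be sent.");
            return;
        }
        String type = System.getProperty("javax.net.ssl.keyStoreType",
                                         KeyStore.getDefaultType());
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass.toCharArray());
        }

        // Only entries holding a private key can be used for client auth.
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + ": " + (ks.isKeyEntry(alias)
                ? "private key + certificate chain"
                : "trusted certificate only (not usable for client auth)"));
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) cert;
                System.out.println("  subject = " + x.getSubjectX500Principal().getName());
                System.out.println("  issuer  = " + x.getIssuerX500Principal().getName());
            }
        }

        // Assumption: each argument is a DN the server lists as an acceptable
        // CA in its certificate request. No arguments means "any issuer".
        Principal[] issuers = null;
        if (args.length > 0) {
            issuers = new Principal[args.length];
            for (int i = 0; i < args.length; i++) {
                issuers[i] = new X500Principal(args[i]);
            }
        }

        // Ask the default key manager which alias it would pick, using the
        // keystore password as the key password, as the default context does.
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass.toCharArray());
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                String alias = ((X509KeyManager) km).chooseClientAlias(
                    new String[] {"RSA", "DSA", "EC"}, issuers, null);
                System.out.println(alias == null
                    ? "No key entry matches the requested issuers: nothing would be sent."
                    : "Would present the certificate chain of alias: " + alias);
            }
        }
    }
}
```

When issuer names are given, a self-signed client certificate is selected only if its own subject is among them, because its issuer and subject are the same name.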

Similar Messages

  • How to hold the client IP from the client calls made to the EJB web service?

    Hi
    I am working on EJB3 web services. I want to hold the client IP from the client calls made to the web service. I deployed this service in JBoss AS 4.2.1.
    In the service implementation I started using
    @Resource
    SessionContext sessionCtx;
    My idea is to get the MessageContext from this SessionContext and finally to get the HttpServletRequest.
    I got the sessionCtx (BaseSessionContext) object. When I try to access the MessageContext using the syntax below
    System.out.println(sessionCtx.getMessageContext());
    I got ---ERROR [SOAPFaultHelperJAXWS] SOAP request exception
    javax.ejb.EJBException: java.lang.IllegalStateException: No message context found
    Please provide me with the correct solution to this problem. Please also suggest any alternate approach to get the client IP in the service implementation.
    Thanks
    Adinarayana

    Hi,
    Assuming that you are using Forms 6i or greater, one way to do it is to embed a Java bean in the form; this bean would get you the IP address, and in the form you can use get_custom_property( ) to get the value from the bean into the Oracle form.
    There is one demo example in OTN site to get the ClientIP address, check out if that helps you.
    Regards,
    Dinesh

  • How can I create a client console and work together with the Cache Server?

    How can I edit the following Cache-Server.cmd file to create a client console and work together with the Cache Server?
    The following is the cache server file: contacts-cache-server.cmd
    @echo off
    setlocal
    if (%COHERENCE_HOME%)==() (
    set COHERENCE_HOME=c:\coherence
    set CONFIG=C:\home\oracle\coherence\Contacts
    set COH_OPTS=%COH_OPTS% -server -cp %COHERENCE_HOME%\lib\coherence.jar;C:\home\oracle\coherence\Contacts;C:\home\oracle\coherence\Contacts\classes;
    set COH_OPTS=%COH_OPTS% -Dtangosol.coherence.cacheconfig=%CONFIG%\contacts-cache-config.xml
    java %COH_OPTS% -Xms1g -Xmx1g -Xloggc: com.tangosol.net.DefaultCacheServer %2 %3 %4 %5 %6 %7
    :exit
    Edited by: junez on 23-Oct-2009 09:20

    Hi
    To run the console, change DefaultCacheServer to CacheFactory
    Paul

  • How to reach an Oracle BI Server (client 1) from another client (client 2)

    Hi all, I'm new to the BI EE world and I have a connection problem.
    I have installed Oracle BI EE 10.1.3.3.2 (Complete installation - all component) & Oracle 10g DB on my pc (pc 1). The BI server is started.
    ..and then another colleague of mine installed only Oracle BI EE 10.1.3.3.2 (Oracle Business Intelligence Client Tools) on her pc (pc 2).
    Now, from the pc2, with Oracle BI Administration Tool we want to have access to the Oracle BI Server installed on the pc1.
    Now, my question is this:
    Which steps do I have to follow in order to open a repository located on pc1 with the Oracle BI Administration Tool located on pc2? I know we have to modify the NQSConfig.INI file... but HOW?
    Any help will be appreciated
    Alex

    Hi,
    If you want to open the rpd in offline mode, just open the .rpd file sharing the server's folder. In online mode you need to create an odbc to the server, in System DSN, choose the OBI EE driver, port, login etc, when you click in the open online icon, you will be able to choose the ODBC.
    Regards.

  • 10.8 (client) lost calendar push sync with 10.6 Server?

    I've just upgraded to 10.8 (client) for testing and am using it with our company server (10.6.8 Server).
    The only issue I've found is the lost ability for Calendar to access 'push' notifications - I've had to go back to manually refresh every 5 minutes.
    Other than that, nothing too much to report on using the 2 systems  - oh, apart from not being able to administer the server from 10.8 client machine anymore, so will need screen sharing to log on to the server and run the server apps.
    Christiaan

    Try checking the Authentication Type for the POP account.  It is located in Mail > Preferences > Accounts > selected account > Advanced
    10.8 tends to use Apple Token.  I think you will need to use a type of MD5 Challenge-Response or Password.

  • Using SSL with client auth from a JNLP-launched app

    We have an application that is launched by JNLP, and which needs to make a mutually authenticated SSL connection to a server. The client cert and trusted certs that it needs to do this are stored in the Sun\Java\Deployment\security directory where JNLP knows to look for them. And Java WebStart itself seems to be able to use these certs just fine. However, our app seems blithely unaware of the location of the keystore/truststore unless we explicitly set the system properties javax.net.ssl.keystore and truststore. But we don't want to do that (it could be different for different users), and we shouldn't have to do that. So the question is, how can we use the same KeyManager/TrustManager that Java WebStart itself is using? Are they somehow available for the JNLP-launched app to use?
    Failing that, is there a way for a JNLP-launched app to query the deployment properties? There are a bunch of properties to direct the behavior of Java WebStart (see [http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/properties.html]), such as deployment.user.security.trusted.cacerts. These don't seem to be System properties. Can the app see them, or are they "private" to Java WebStart itself?

    Hi:
    See also the Shine enterprise pattern.
    I have worked with it and it helps me and speeds up results.
    It has a class which is named "code" and does encryption and ... by md5. It is incredibly secure! Try it.
    You can download it via the links below:
    http://groups.google.com/group/j2sos.
    http://sourceforge.net/projects/shine-enterpris/
    It also has documentation.

  • How do I check set up of a client (OSX and iOS) operation with OS X Server based Software Update

    I have just updated OS X Server running on MacMini to version 3.2.1. I have the following services enabled on my private local network with Server active:
    Caching
    File Sharing
    Software Update (Advanced)
    Questions:
    How do I install/confirm Software Update at the Server, step-by-step?
    How do I confirm that my clients - both OS X and iOS - are presently pointing to Server for the first try at Software Update?
    Will the mobile devices, once pointed to Server when accessible (on my private network) still function to Apple's Update Server when on the road? If not is there a quick way to repoint them automatically?
    Please answer these concerns related to a private network config.
    Thanks,
    Henry

    Good morning Ajay,
    The checkbox appears on the 4th screen when you use the "New Transformation Wizard" to create a function (directly under checkbox "Function is deterministic").
    IMHO, whether the code is run in parallel or not depends on how the mapping is run; if parallel it would try to run the function in parallel as well (unless - I guess - you've altered the property of the function in the mapping which says it can only be run row-based).
    HTH.
    Regards, Patrick

  • Agentry Client 6.1.3 installation with preconfigured SMP server name and TCP port

    Hi,
    I'm looking for a way to deploy an Agentry Client (version 6.1.3.xxx) on multiple devices without having to manually specify the SMP server name and TCP port.
    When the user gets it, I just want him to only enter his credentials to start the first sync/config process.
    Any way to easily do that?
    Thanks for your help!
    Eric

    Hi Bill,
    Here's what I did in more detail so you can pin point what I do wrong (hopefully :-)).
    First I extracted the branding files of the Agentry_6.1.3.10212_ClientWin32.exe.
    Agentry_6.1.3.10212_ClientWin32.exe /Branding=D:\Temp\Agentry.
    This is the directory and file structure I got out of it.
    The 2 directories are created as you mentioned.
    If I browse to the AgentryClient_Win32 directory I see these files:
    If I browse the Installer directory I see :
    The Include and Plugins directories are as follow :
    I still can't find the AgentryClient.exe.config file???
    Eric

  • Disk image can mount from local terminal with "open" command but not via ssh

    I have a disk image "backup_image.sparsebundle". If I go to the terminal on my machine and type "open backup_image.sparsebundle" the disk image mounts as expected. No problems. If I secure shell (ssh) log in from a remote Mac and execute the same "open backup_image.sparsebundle" a warning dialog pops up and states that "The following disk images couldn't be opened" followed by my disk name. This is incredibly odd because it used to work just fine. I didn't think there were any ACL differences between a local terminal shell and remote ssh. I mean a shell is a shell right? Or, it used to be and now it isn't? I'm not doing anything obviously incorrect (to me); I'm the same user locally and remotely, same path to disk image. This used to work fine before Mountain Lion.
    Background: All of this started because I wrote a script that would ssh in to a remote machine, open the disk image on that remote machine, mount it across the network over afp and rsync. If I leave the disk image mounted on the remote machine, the script runs fine but if the image is closed and I try to remotely open the image as I always did, it fails. The only thing that has changed in the system is, now, both machines are running Mountain Lion. Odd.
    Suggestions?

    Storing the password for the remote disk image in the local keychain of the computer running the script (into a variable), then passing it across to the remote machine worked. I'm not sure why all of this changed moving from Lion to Mountain Lion but I suppose it is slightly more secure.
    To programmatically mount and sync a remote encrypted disk:
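    #!/bin/bash
    # Skip the attach/mount steps when ~/sync is already mounted.
    if [ -n "$(mount | grep ~/sync)" ]; then
      echo "Already mounted"
    else
      # Read the disk image password from the local keychain.
      pw=$(security -v find-generic-password -w -D "application password")
      # $pw is expanded locally, so the password becomes part of the remote command line.
      ssh -o ConnectTimeout=1 [email protected] "echo $pw | hdiutil attach /Users/user/backup_image.sparsebundle"
      mkdir ~/sync
      mount_afp -s "afp://matdup01:[email protected]/Disk Image" ~/sync
    fi
    # $? is the status of the last command run inside the if/else above.
    if [ $? -eq 0 ]; then
      echo "Mount succeeded!"
    else
      echo "Mount Failed"
      exit 1
    fi
    # Quote the exclude pattern so the local shell does not expand it.
    rsync -vrxtu --delete-before --exclude '_*' "/Volumes/Media/new Media/" ~/sync/new\ media/
    umount ~/sync
    rmdir ~/sync
    exit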

  • L2TP based VPN with OpenS/WAN server, OpenSSL machine certificates

    I cannot seem to get OSX to accept the machine certificates for a VPN connection using Internet Connect.
    I have generated OpenSSL x509 certificates for the server and client side, the same process has generated certificates that work just dandy with WindowsXP. The certificates have "subjectAltName=" key/value pairs assigned to the IP address of the VPN server.
    Once generated I import the certificates into OS X (you have to run KeyChain Access with "sudo" from the console to get this to work). The certificate authority seems to be ok, the CA has been added to the x509Roots, and when I examine the machine certificate for my OS X install using KeyChain Access the certificate is marked valid.
    I generated the hash link for the certificate:
    ln -s /etc/racoon/certs/certname.pem /etc/racoon/certs/`openssl x509 -noout -hash -in certname.pem`.0
    From the console I run
    openssl verify certname.pem
    It fails unless I specify '-CApath /etc/racoon/certs', then it passes.
    When Internet Connect is setup to use the certificates I can see in the OpenS/WAN logs that the OS X box connects and negotiates IPSEC to MAIN_3. At this point pluto logs the following:
    ignoring informational payload, type INVALIDCERTAUTHORITY
    This repeats for several re-tries before the OS X side gives up. No useful logging is generated on the OS X side for me to debug, and everything from the OpenS/WAN side seems to be kosher, it appears to be an oakley/racoon issue with validating the machine certificate provided by OpenS/WAN to the OS X side, with the OS X side unable to verify the certificate.
    Has anyone solved this? Any ideas on how to improve the logging output from OS X so I can see what racoon/oakley is carping about in the certificate files it is using?

    I'm having the same problem. I've got a machine cert on my Mac OS 10.4.6 client that was issued by my Win2003 CA. When I try and connect, it just hangs and then dies. In the Security Logs on the 2003 L2TP server, I even see a successful IKE negotiation (MS Event ID 541 and 543 below).
    EventID 541:
    IKE security association established.
    Mode:
    Key Exchange Mode (Main Mode)
    Peer Identity:
    Certificate based Identity.
    Peer Subject C=US, S=City, L=State, O=Company, OU=group, CN=machine.subdomain.company.com, E=[email protected]
    Peer SHA Thumbprint peerthumbrint
    Peer Issuing Certificate Authority O=company.com, CN=Certificate Authority
    Root Certificate Authority O=company.com, CN=Certificate Authority
    My Subject CN=server.subdomain.company.com
    My SHA Thumbprint mythumbrint
    Peer IP Address: x.x.x.x
    Filter:
    Source IP Address x.x.x.x
    Source IP Address Mask 255.255.255.255
    Destination IP Address x.x.x.x
    Destination IP Address Mask 255.255.255.255
    Protocol 0
    Source Port 0
    Destination Port 0
    IKE Local Addr x.x.x.x
    IKE Peer Addr x.x.x.x
    IKE Source Port 500
    IKE Destination Port 500
    Peer Private Addr
    Parameters:
    ESP Algorithm Triple DES CBC
    HMAC Algorithm SHA
    Lifetime (sec) 3600
    MM delta time (sec) 1
    EventID 543:
    IKE security association ended.
    Mode: Key Exchange (Main mode)
    Filter:
    Source IP Address X.X.X.X
    Source IP Address Mask 255.255.255.255
    Destination IP Address X.X.X.X
    Destination IP Address Mask 255.255.255.255
    Protocol 0
    Source Port 0
    Destination Port 0
    IKE Local Addr X.X.X.X
    IKE Peer Addr X.X.X.X
    IKE Source Port 500
    IKE Destination Port 500
    Peer Private Addr
    At least give me a some methods to debug with.

  • Trouble with opening/creating Server Model Diagrams

    I created server model diagrams by drag-and-dropping specific tables from the Server Model Navigator. Is it supposed to take a LONG time
    for this step (e.g., 3 whole minutes for one table) or should it be basically "immediate"? They eventually made it, but seemed unreasonably long!
    I saved the diagrams, quit, and come back to the repository, see the diagram names, click on a diagram, verify the elements inside, everything
    looks good -- until I try to open the diagram, it (Design Editor) locks up every time!!
    Does anybody know why I'm having either one of the above problems? Is there any setting I need to configure?
    (By the way, I'm using Designer 6i with an Oracle 8.1.7 database.)
    Thanks in advance.
    Brenda

    Could be your memory. Designer takes a lot to run, as you may know. Minimum should be 256mb. Close all apps and try to open
    the diagram again. I have had lots of trouble with my designer locking up!

  • How do you host a domain and several email addresses from that domain with OS X Server?

    Right now I have a domain name through GoDaddy.com and one email address to that domain...we will have about 5-8 in total...How do I setup OS X Server to host our own domain (without using GoDaddy) and setup our own mail server?

    There are several steps that you would need to do.
    Set up OS X Server with mail services and users. Also, you may have to have your OS X mail server relay messages through your ISP so you can email people at other domains.
    Set up firewall/router to forward IMAP/POP and SMTP ports from your external IP address to your server (which is either in the DMZ of the firewall or on LAN).
    Set up DNS records so your domain name points to your server (and if you do not have a static IP address, you will need to set up dynamic DNS). At a minimum you will need 2 DNS records: an A (or AAAA for IPv6) record for the server (I think it can be the root of the zone) and a MX (mail exchange) record.
    If everything is set up correctly, you should have a mail server hosting on your domain with your server.
    Those would be the major steps you would need to complete. Details on the exact procedure for each of these steps can be found reading the OS X Server documentation, documentation for your router/firewall for port forwarding/NAT, and your specific DNS service.

  • Client auth error

    I am using iPlanet Web Server 6.0 SP4 on Solaris 2.8 that is enabled for SSL and Client-auth.
    In order to validate the client certificate, I configured this server to use my own Plug-in by adding authTrans line in "obj.conf":
    <Object name=default>
    AuthTrans fn="vsCheckClientCert"
    </Object>
    During startup, web server fails with following error.
    Thanks in advance!!!
    [20/Sep/2002:11:50:58] info ( 1984): successful server startup
    [20/Sep/2002:11:50:58] info ( 1984): iPlanet-WebServer-Enterprise/6.0SP4 B07/17/2002 14:04
    [20/Sep/2002:11:51:00] info ( 1985): Installing a new configuration
    [20/Sep/2002:11:51:00] info ( 1985): [LS ls1] https://xx-sun.yy.com, port 444 ready to accept requests
    [20/Sep/2002:11:51:00] info ( 1985): A new configuration was successfully installed
    [20/Sep/2002:11:51:01] info ( 1985): Using the Solaris VM v1.2.2 from Sun Microsystems Inc.
    [20/Sep/2002:11:51:01] info ( 1985): Java VM classpath: /usr/netscape/servers/plugins/servlets/examples/legacy/beans.10/SDKBeans10.jar:/usr/netscape/servers/bin/https/jar/NSServletLayer.jar:/usr/netscape/servers/bin/https/jar/NSJavaUtil.jar:/usr/netscape/servers/bin/https/jar/AdminNativeUtil.jar:/usr/netscape/servers/bin/https/jar/NSJavaMiscUtil.jar:/usr/netscape/servers/bin/https/jar/servlet.jar:/usr/netscape/servers/bin/https/jar/servlet-2.3-filters-api.jar:/usr/netscape/servers/bin/https/jar/jsp092.jar:/usr/netscape/servers/bin/https/jar/jaxp.jar:/usr/netscape/servers/bin/https/jar/crimson.jar:/usr/netscape/servers/bin/https/jar/xalan.jar:/usr/netscape/servers/bin/https/jar/jspengine.jar:
    [20/Sep/2002:11:51:01] info ( 1985): Loading IWSSessionManager by default.
    [20/Sep/2002:11:51:01] info ( 1985): IWSSessionManager: Maximum number of sessions is 1000
    [20/Sep/2002:11:51:01] config ( 1985): for host 0.0.0.0 trying to GET /, Client-Auth reports: get-client-cert requires that security and SSL3 be enabled.
    [20/Sep/2002:11:51:01] failure ( 1985): for host 0.0.0.0 trying to GET /, vsCheckClientCert reports: Couldn't get a client authentication certificate
    [20/Sep/2002:11:51:02] config ( 1985): for host 0.0.0.0 trying to GET /, Client-Auth reports: get-client-cert requires that security and SSL3 be enabled.
    [20/Sep/2002:11:51:02] failure ( 1985): for host 0.0.0.0 trying to GET /, vsCheckClientCert reports: Couldn't get a client authentication certificate
    [20/Sep/2002:11:51:02] failure ( 1985): vs(https-cvm-test-444)Error getting document-root for this virtual server; please check your server configuration.
    [20/Sep/2002:11:51:02] failure ( 1985): vs(https-cvm-test-444)Cannot create web applications virtual server environment.
    [20/Sep/2002:11:51:02] failure ( 1985): Internal Error: Failed to initialize web application environment (web-apps.xml) for virtual server (https-cvm-test-444)
    [20/Sep/2002:11:51:02] info ( 1985): Internal Error: Failed to initialize web application environment (web-apps.xml) for virtual server (https-cvm-test-444)
    [20/Sep/2002:11:51:02] failure ( 1985): The new configuration was rejected, rolling back

    Thanks for the reply!!
    My SAF (vsCheckClientCert) works fine if I disable the servlets. It also works by disabling the Web Application State in server.xml
    <VSCLASS id="defaultclass" objectfile="obj.conf" rootobject="default" acceptlanguage="off">
    <VS id="https-cvm-test-444" state="on" urlhosts="psingal-sun.verisign.com" mime="mime1" aclids="acl1" connections="group1">
    ===> <VARS webapps_file="web-apps.xml" webapps_enable="off"/>
    </VS>
    </VSCLASS>
    I am facing the problem only with iPlanet 6.0, the SAF worked fine with "Servlet Enabled" in the previous releases of iPlanet 4.x. Is there any way by which my SAF works with default server settings i.e. Servlet Enabled and Web Application State On?

  • 10.4.8 open directory server 10.3.9 clients desktop

    OK the 10.3.9 clients to my 10.4.2 open dir server could not find their home directory on login. I changed the contacts tab in the 10.3.9 directory access utility program which seemed to fix things - But things are not completely perfect:
    upon login, the users custom desktop pattern is not loading.

    Further to this problem.
    I have downgraded a machine to 10.4.3 and the same problem occurs. If I restart the machine the local user account is the only one that appears. I log in through that and log out again and the full list of network users reappears. I can then log in as a network user, all files and folders are there, all permissions seem to be respected and the user can work fine.
    If you then log out and log in to the local user and log out again, network users are able to log in again for perhaps 2 subsequent logins and then the machine hangs.
    I had a look at my AFP error log, which is normally empty, and saw some MMAP error entry; sorry, I'm at home and doing this from memory.
    I suppose the ultimate answer is to upgrade my server to 10.4.x but this being Botswana that could take a while. I could downgrade the Minis to 10.3.9 but they don't seem to like that much either.
    This is all a bit weird as I tested this with a sample machine at 10.4.5 and .6 before upgrading the room.
    Phoning Apple is not really an option here in Botswana so please feel free to wade in.
    Also found the same problem at this URL http://lists.apple.com/archives/client-management/2006/Apr/msg00122.html

  • BI CLIENT REFRESH FROM PRD TO DEV

    DEAR GURUS,
    I want to do a client copy from production to development of the BI server. I want to carry out the infocubes, queries, etc. from PRD to DEV.
    For the above activity, which profile should I select for the client copy?
    After the client copy, will I get all the infocubes and queries of the PRD server?
    Because for a system copy I don't have that much space on the DEV server.
    please guide me
    regards
    santhosh

    Hi,
    Pls chk this:
    How to System Copy in SAP Business Intelligence System Landscapes (NW2004)
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bff13df2-0c01-0010-6ba7-bc50346a6fd8
    Strategies, Techniques, and Best Practices to Upgrade, Copy, and Migrate SAP BW Systems
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b8d163a7-0301-0010-d9b0-98f692ea3c60
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bff13df2-0c01-0010-6ba7-bc50346a6fd8
    Note 184322 - Procedure after DB copy of BW source systems
    Note 886102 - System Landscape Copy for SAP BW 2.X, 3.X and NW2004s BI
    Note 771209 - NW04: System copy (supplementary note)
    Note 89188 - R/3 Source System Copy
    Regards
    CSM Reddy
