Problems with SPML 2 and Single Sign On

Similar Messages

• Problem with Infrastructure instalation (Single Sign-on)

  While instaling 9iAS rel 9.0.2 on Ms Win 2000 Server during SSO Configing I've an error (from file installAction):
  Portal SMI: Initialised plugin: CachePlugin
  Portal SMI: Oracle home: D:\Oracle\OraInfrastr was registered.
  Portal SMI: ERROR: Web DAV: /dav_portal/orasso could not be found.
  Portal SMI: ERROR: Cancel changes called.
  ERROR : Exception while configing SSO DAD
  From file dcm\logs\dcmctl_logs\log.xml:
  <MESSAGE>
  <HEADER>
  <TSTZ_ORIGINATING>2002-07-12T14:07:35.375+02:00</TSTZ_ORIGINATING>
  <COMPONENT_ID>iAS_dcm</COMPONENT_ID>
  <MSG_TYPE TYPE="ERROR"></MSG_TYPE>
  <MODULE_ID>oracle/defaultLogger/ExceptionLogger</MODULE_ID>
  <PROCESS_ID>null-Thread[main,5,main]</PROCESS_ID>
  <USER_ID>oracle</USER_ID>
  </HEADER>
  <PAYLOAD>
  <MSG_TEXT>[TM] Deployment Adapter resync error</MSG_TEXT>
  <SUPPL_DETAIL><![CDATA[oracle.ias.sysmgmt.exception.ProcessMgmtException: OPMN operation failure
       at oracle.ias.sysmgmt.clustermanagement.OpmnAgent.validateOperation(Unknown Source)
       at oracle.ias.sysmgmt.clustermanagement.OpmnAgent.startOC4JInstance(Unknown Source)
       at oracle.ias.sysmgmt.clustermanagement.StartInput.execute(Unknown Source)
       at oracle.ias.sysmgmt.deployment.j2ee.adapter.DeploymentAdapter.startOc4j(Unknown Source)
       at oracle.ias.sysmgmt.deployment.j2ee.adapter.DeploymentAdapter.resync(Unknown Source)
       at oracle.ias.sysmgmt.task.TaskMaster.resync(Unknown Source)
       at oracle.ias.sysmgmt.task.TaskMaster.resync(Unknown Source)
       at oracle.ias.sysmgmt.task.InstanceManager.sysInit(Unknown Source)
       at oracle.ias.sysmgmt.task.InstanceManager.init(Unknown Source)
       at oracle.ias.sysmgmt.cmdline.DcmCmdLine.execute(Unknown Source)
       at oracle.ias.sysmgmt.cmdline.DcmCmdLine.main(Unknown Source)
  ]]></SUPPL_DETAIL>
  </PAYLOAD>
  </MESSAGE>
  Thanks for any help.
  Jarek

  user12220476 wrote:
  I have worked out OSSO10g with PKI certificate authentication recently. I had the OAS Infra10.1.4.0.1 installed and that included the OID10.1.4. SSO10g and +. I think OID 11g still needs SSO10g work with. When I reviewed the 11g Fusion Middleware doc, found out it'd be better to do OAS10g installation. If you have the questions about the setup, let me know.
  Edited by: user12220476 on Aug 8, 2010 10:49 PMOriginally I was looking at installing the necessasary support for OID on a separate server, but we do have OAS 10.1.2. running as the host platform for most of our apps, which are Oracle Forms apps. A check of the installed products shows
    Oracle Homes
      Oracle10gASR2_Forms9i
        Oracle Application Server Forms and Reports Services 10g 10.1.2.0.2
          Oracle Application Server 10g 10.1.2.0.2
            Oracle Application Server Middle Tier Products 10.1.2.1.0
              Oracle Application Server Core Products 10.1.2.0.0
                Oracle Internet Directory Tools 10.1.2.1.0
                  Oracle Internet Directory Tools Patch 10.1.2.3.0So it looks like I have what I need already installed.

• Multiple and single sign on

  Hi Experts,
  Could you please give info on Multiple and single sign on directory settings ?
  Regards
  Sara

  hi sara,
  have a look on this also. u can get better idea on sign on's
  this is a very deep document.............
  reward me points if its usefull.................dont forget
  Single Sign-On in SharePoint Portal Server 2003
  This is a sample chapter from the Microsoft SharePoint Products and Technologies Resource Kit. You can obtain the complete resource kit (ISBN 0-7356-1881-X), which includes a companion CD-ROM, from Microsoft Press.
  Single sign-on is a new feature in Microsoft Office SharePoint Portal Server 2003 that provides storage and mapping of credentials such as account names and passwords so that the portal site–based applications can retrieve information from the third-party applications and back-end systems, for example, Enterprise Resource Planning (ERP) and Customer Relations Management (CRM) systems. The single sign-on functionality is implemented by the Microsoft Single Sign-On (SSOSrv) service. SSOSrv is a credential storage service that allows the saving and retrieval of credentials. The use of single sign-on functionality stops users from having to authenticate themselves more than once when the portal site–based applications need to obtain information from other business applications and systems.
  In a single sign-on environment, these back-end applications and systems are referred to as enterprise applications. To enable customers to interact with an enterprise application directly from the portal site, SharePoint Portal Server 2003 stores and maps assigned credentials within an enterprise application definition. By using application definitions, you can automate, and secure the sign-on process to the corresponding enterprise applications from a portal site–based application.
  The single sign-on functionality enables scenarios where multiple Web Parts access different enterprise applications, which each use a different type of authentication. Each Web Part can automatically sign on to its enterprise application without prompting the user to provide credentials each time. There are endless uses of single sign-on functionality within an enterprise environment. For example, let’s consider two different scenarios—a human resources intranet site and a business intelligence site, as follows:
  •     A standard human resources (HR) portal site or page might include several Web Parts that display employee information from a back-end employee management system. This employee data is stored in a dedicated HR database system, frequently based on SAP or PeopleSoft. These HR databases do not support Microsoft Windows IDs, might not run on Windows-based operating systems and, in fact, might include proprietary logon protocols. The Web Parts on the portal site should retrieve the individual employee data without prompting for a separate logon. In this example, the individual employee does not have a separate logon to the HR system, but uses a group account that provides generic read access to the database. In other words, the employee does not know the user name and password required to log on to the system he or she is accessing.
  •     An executive might use a portal site to provide a dynamic, aggregated view of relevant business information. This data is stored in two places: Siebel stores the customer relationship information, and SAP tracks accounts and payments. To see an integrated view, the portal must log on to and access both back-end systems. Prompting the user for additional passwords is an unacceptable user experience. In this example, the executive does not need to know the user names and the passwords required for logon to the back-end systems. In addition, multiple Web Parts are used to ensure this integration. By default, each Web Part separately authenticates the user to the appropriate back-end system.
  As these examples show, by using single sign-on you can centralize information from multiple back-end applications through a single portal that uses application definitions. In addition, SharePoint Portal Server 2003 provides a programming interface for developers to use and extend this feature.
  Single Sign-On Architecture
  For each enterprise application that SharePoint Portal Server connects to, there is a corresponding enterprise application definition configured by an administrator. This application definition is used by a Web Part to integrate with the enterprise application within a portal site. The application definition controls how credentials for a particular business application are stored and mapped. The code within the Web Part uses the application definition to retrieve credentials that are then used to integrate with an enterprise application. This process is transparent to the portal site users.
  There are two primary types of enterprise application definitions used with the SSOSrv service, as follows:
  Individual enterprise application definitions.
  •     In this scenario, individual users know and can manage their own credentials stored within the enterprise application definition.
  Group enterprise application definitions.
  •     In this scenario, the individual user does not know his or her credentials stored within the enterprise application definition, but is associated with a managed group account.
  The single sign-on administrator, rather than the individual user, chooses the account type when configuring the enterprise application definition.
  The SSOSrv service stores encrypted credentials in a Microsoft SQL Server database. When you set up the single sign-on on the job server, you specify two settings for the single sign-on database: the name of the computer running SQL Server where the credentials store will be located, and the name of the database that will become the credentials store for your Web farm. These settings are stored in the SharePoint Portal Server configuration database.
  All credentials in the credentials store are encrypted using the single sign-on encryption key. When you configure single sign-on for the first time, the encryption key is created automatically. You can regenerate the key if required and re-encrypt the credentials store; for example, you might have a policy to change the key after a certain amount of time.
  How Single Sign-On Works
  When individual enterprise definition is used, on the first access to the Web Part that integrates with the enterprise application, if a user’s credentials have not been stored in the single sign-on database, the user is redirected to the logon form that prompts the user for appropriate credentials for the enterprise application. The number, the order, and the names of the fields in the logon form are configured by the administrator within the application definition; the logon form is generated automatically based on these configuration settings. The developer needs to write the code within the Web Part to check whether the credentials exist in the database, and to redirect the user to the logon form if necessary. The user-supplied credentials are then stored in the credentials store and mapped to the Windows account that is this user’s account for SharePoint Portal Server. Then, the user is redirected back to the original Web Part. The code in the Web Part then submits the credentials from the credentials store to the application in the way that is relevant to this application, and retrieves the necessary information that is then presented to the user within the Web Part. This process is shown in Figure 26-1. The steps are as follows:
       1.     A user accesses the Web Part that integrates with the enterprise application for the first time. The Web Part code checks whether the user credentials for the required application are stored in the single sign-on database. If they are stored, the process continues from step 6 in this list.
       2.     If there are no credentials stored for this user for the required application, the user’s browser is redirected to the logon form for this application.
       3.     The user supplies credentials for the application.
       4.     The supplied credentials are mapped to the user’s Windows account and stored in the single sign-on database.
       5.     User is redirected to the original Web Part.
       6.     The Web Part retrieves the credentials from the single sign-on database.
       7.     The Web Part submits the credentials to the enterprise application and retrieves the necessary information.
       8.     The Web Part is displayed to the user.
  On subsequent access, when the user requests the Web Part, to get the necessary data from the enterprise application the credentials are retrieved from the single sign-on database. The process is transparent to the user. (See Figure 26-1.)
  Figure 26-1. Accessing an enterprise application using single sign-on
  When group enterprise definition is used, the account mapping is configured by the administrator. The administrator specifies the credentials for accessing the enterprise applications that are valid for all members of a Windows group. If the user who accesses the Web Part belongs to the mapped Windows group, the access credentials are already stored in the single sign-on credentials store. The code in the Web Part retrieves the credentials, submits them to the enterprise application, and retrieves the necessary information. The Web Part is then displayed to the requesting user. In this scenario, the whole process is transparent to the user. The user is not aware of any authentication information required for the enterprise application; it is only known to the administrator.
  Security Recommendations Regarding the Topology of the Server Farm
  When using the single sign-on service, you can help enhance security by distributing your resources in the server farm. Specifically, the configuration of the front-end Web server, the job server, and the computer storing the single sign-on database can affect security.
  Less secure configuration.
  •     Everything is deployed on one server. This configuration is less secure because the front-end Web server, the single sign-on database stored in SQL Server, and the encryption key are on the same computer. This configuration is not recommended.
  More secure configuration.
  •     Two-computer configuration where one computer is the front-end Web server. The second computer is the job server containing the single sign-on database stored in SQL Server and the encryption key.
  Recommended configuration for better security.
  •     Configuration of three or more computers in which the front-end Web server, the job server containing the encryption key, and the server containing the single sign-on database stored in SQL Server are different computers.
  If you are using single sign-on in a shared services scenario, the user credentials stored in the parent server farm are available to the administrators of all child server farms. It is recommended that you run applications using single sign-on on the parent portal site only and use an iFrame in the application for child portal sites. You should disable the single sign-on service on child server farms. We will discuss how to disable the SSOSrv service later in this chapter.
  Configuring Single Sign-On
  To configure single sign-on for the first time, you must complete the following tasks:
       1.     Determine and set up necessary Windows accounts.
       2.     Enable the single sign-on service on the job server.
       3.     Configure the single sign-on settings.
       4.     Create a new application definition.
       5.     Provide account information for the application definition.
       6.     Enable the single sign-on service on the front-end servers.
  Step 1: Set Up Single Sign-On Accounts
  The SSOSrv service uses the following four types of accounts:
  •     Configuration account for single sign-on
  •     Single sign-on administrator account
  •     Single sign-on service account
  •     Enterprise application manager account
  Before configuring single sign-on, you must determine and, where necessary, create and set up these accounts.
  Configuration Account for Single Sign-On
  Configuration Account for single sign-on is the Windows account that will be used to configure the SSO. When setting up single sign-on, you use this account to log on to the job server. This account must meet the following requirements:
  •     Be a member of the local Administrators group on the job server.
  •     Be a member of the local Administrators group on the computer running SQL Server that stores the single sign-on database.
  •     Be either the same as the single sign-on administrator account, or be a member of the group account that is the single sign-on administrator account. (The single sign-on administrator account is discussed in the next section.)
  Single Sign-On Administrator Account
  The single sign-on administrator account can be either the Windows Global group or the individual user account, and it will be used to set up and manage the single sign-on service. This account cannot be a local domain group account or a distribution list.
  Make sure that the following requirements are met for the single sign-on administrator account:
  •     The single sign-on service account must be this user or a member of this group.
  •     The configuration account for single sign-on must be this user or a member of this group.
  We will specify this account as the single sign-on administrator account in step 3, “Configure the Single Sign-On Settings on the Job Server.” After it has been configured, this user account or members of this group account will have full access to the single sign-on administration pages and will be able to make configuration and application definition changes.
  Single Sign-On Service Account
  The single sign-on service account is the user account that will run as the single sign-on service. Make sure the following requirements are met:
  •     The single sign-on service account must be the same as the single sign-on administrator account or a member of the group account that is the single sign-on administrator account.
  •     The single sign-on service account must be a member of the local group STS_WPG on all servers running SharePoint Portal Server 2003 in the server farm.
  To make the user a member of STS_WPG, do the following:
       1.     On the taskbar, click Start, point to Administrative Tools, and then click Computer Management.
       2.     In the console tree, under the System Tools node, expand the Local Users and Groups node.
       3.     Click Groups.
       4.     Double-click STS_WPG.
       5.     In the STS_WPG Properties dialog box, click Add.
       6.     Add the user.
  The single sign-on service account must be a member of the local group SPS_WPG on all servers running SharePoint Portal Server in the server farm.
  To make the user a member of SPS_WPG, do the following:
       1.     On the taskbar, click Start, point to Administrative Tools, and then click Computer Management.
       2.     In the console tree, under the System Tools node, expand the Local Users and Groups node.
       3.     Click Groups.
       4.     Double-click SPS_WPG.
       5.     In the SPS_WPG Properties dialog box, click Add.
       6.     Add the user.
  The single sign-on service account must be a member of the public database role on the SharePoint Portal Server configuration database.
     On a single server deployment, if the single sign-on service runs under an account that is a member of the local Administrators group, you do not need to ensure that the user has the public right on the configuration database. However, for security reasons it is recommended that you do not run the service under an account that is a member of the local Administrators group.
  To assign rights on the configuration database, do the following:
       1.     On the SQL Server computer, open SQL Server Enterprise Manager.
       2.     Expand the Microsoft SQL Servers node.
       3.     Expand the SQL Server Group node.
       4.     Expand the (local) (Windows NT) node.
       5.     Expand the Security node.
       6.     Click Logins, and then do one of the following:
  7.          •     If the logon name does not exist, right-click Logins, click New Login, and then in the Name box, type the account for the user in the format DOMAIN\user_name.
  8.          •     If the logon name already exists, right-click the logon name, and then click Properties.
       7.     Click the Database Access tab.
       8.     In the Specify which databases can be accessed by this login section, select the check box for the configuration database.
       9.     In the Database roles for database_name section, select the public check box.
       10.     Click OK.
       11.     Close SQL Server Enterprise Manager.
  The single sign-on service account must be a member of the Server Administrators server role on the SQL Server instance where the single sign-on database is located.
     On a single server deployment, if the single sign-on service runs under an account that is a member of the local Administrators group, you do not need to ensure that the user is a member of Server Administrators server role on the SQL Server instance where the single sign-on database is located. However, for security reasons, it is recommended that you do not run the service under an account that is a member of the local Administrators group.
  To make the user a member of the Server Administrator role
       1.     On the SQL Server computer, open SQL Server Enterprise Manager.
       2.     Expand the Microsoft SQL Servers node.
       3.     Expand the SQL Server Group node.
       4.     Expand the (local) (Windows NT) node.
       5.     Expand the Security node.
       6.     Click Logins, and then do one of the following:
  •          •     If the logon name does not exist, right-click Logins, click New Login, and then in the Name box, type the account for the user in the format DOMAIN\user_name.
  •          •     If the logon name already exists, right-click the logon name, and then click Properties.
       7.     Click the Server Roles tab.
       8.     Select the Server Administrators check box.
       9.     Click OK.
       10.     Close SQL Server Enterprise Manager.
  Enterprise Application Manager Account
  The enterprise application manager account can be the Windows Global group account, or individual user account, that will be used to set up and manage application definitions. This account cannot be a local domain group or a distribution list.
  You do not need to perform any configuration steps now; we will configure this account to become the enterprise application manager account in step 3, “Configure the Single Sign-On Settings on the Job Server.” However, it is useful to notice the rights that this account will have after it has been specified as the enterprise application manager account, as follows:
  •     This account or members of this group have rights to create, modify, or delete application definitions from the single sign-on administration pages.
  •     This account or members of this group do not have rights to configure single sign-on. Only members of the single sign-on administrator account can configure single sign-on.
  •     Rights that this user or members of this group have are automatically contained in the single sign-on administrator account.
  Step 2: Enable the Single Sign-On Service on the Job Server
  To enable the SSOSrv service, do the following on the job server:
       1.     On the taskbar, click Start, point to Administrative Tools, and then click Services.
       2.     On the Services management console, double-click Microsoft Single Sign-on Service.
       3.     Click the Logon tab.
       4.     Under Log on as, click This account.
       5.     In the This account box, type an account name that you determined as a single sign-on service account in the previous step.
       6.     In the Password and Confirm password boxes, type the password.
       7.     Click Apply.
       8.     Click the General tab.
       9.     In the Startup type list, click Automatic.
       10.     In the Service status section, if the service status does not display Started, click Start.
       11.     Click OK.
  Step 3: Configure the Single Sign-On Settings on the Job Server
  To configure the single sign-on settings, you must be logged on as the configuration account on the job server. As we discussed earlier in step 1, “Set Up Single Sign-On Accounts,” this account must be a member of the local Administrators group on the job server, and must also be a member of the group account that you specify as the single sign-on administrator account.
  You cannot configure single sign-on remotely. To configure single sign-on, go to the computer running as the job server, log on as the configuration account, and then do the following:
       1.     On the SharePoint Portal Server Central Administration for server_name page, in the Component Configuration section, click Manage settings for single sign-on.
  Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration.
       2.     On the Manage Settings for Single Sign-On for server_name page, in the Server Settings section, click Manage server settings.
       3.     On the Manage Server Settings for Single Sign-On page, in the Single Sign-On Settings section, in the Account name box, type the name of the single sign-on administrator account that you determined in step 1, “Set Up Single Sign-On Accounts.” The format of the account is DOMAIN\group_name or DOMAIN\user_name.
       4.     In the Enterprise Application Definition Settings section, in the Account name box, type the name of the enterprise application manager account that you determined in step 1, “Set Up Single Sign-On Accounts.” The format of the account is DOMAIN\group_name or DOMAIN\user_name.
       5.     In the Database Settings section, do the following:
  6.          1.     In the Server name box, type the name of the database server on which you want to store the settings and account information for single sign-on.
  2.          2.     In the Database name box, type the name of the single sign-on database.
  If the database does not exist, it is created.
       6.     In the Time Out Settings section, do the following:
  7.          1.     In the Ticket time out (in minutes) box, type the number of minutes to wait before allowing a ticket, or access token, to time out.
  2.          2.     In the Delete audit log records older than (in days) box, type the number of days to hold records in the audit log before deleting.
       7.     Click OK.
       8.     If a message box appears stating that you have reconfigured single sign-on, click OK.
     The audit log is overwritten after the number of days you specify. Because the log contains a record of any illicit operations or logon attempts, it is recommended that you maintain backup copies of the logs. The logs reside in the single sign-on database in the SSO_Audit table. This table is automatically backed up when you back up the database.
  Step 4: Create an Application Definition
  To create an application definition, you need to be logged on as a member of single sign-on administrator account or as an enterprise application definition manager account. To create an application definition, do the following:
       1.     On the SharePoint Portal Server Central Administration for server_name page, in the Component Configuration section, click Manage settings for single sign-on.
  Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration.
       2.     On the Manage Settings for Single Sign-On for server_name page, in the Enterprise Application Definition Settings section, click Manage settings for enterprise application definitions.
       3.     On the Manage Enterprise Application Definitions page, click New Item.
       4.     On the Create Enterprise Application Definition page, in the Application and Contact Information section, do the following:
  5.          1.     In the Display name box, type a display name for this application definition.
  When administrator changes the settings for the application definition at a later stage, the application definition is listed using its display name.
  The display name is what the user sees on the logon form when entering credentials on the first access.
     If you enter a long name with no spaces in it for the display name, the entire name might not be displayed.
  2.          2.     In the Application name box, type an application name for the application definition. The application name is used by developers.
     If you enter a long name with no spaces in it for the application definition name, the entire name might not be displayed.
  3.          3.     In the Contact e-mail address box, type an e-mail address for users to contact for this application.
       5.     In the Account Type section, do one of the following:
  6.          •     If you want all users to log on by using a single account, select Group.
  Users do not need to enter any credentials with this option.
  7.          •     If you want users to log on by using their own account information, select Individual.
  Each user will have to provide credentials when accessing the Web Part for the first time.
     If you specify a group account as the account type, so that all users log on by using a single account, ensure that you have the appropriate number of client licenses for the application that you are accessing.
       6.     In the Logon Account Information section, select one or more fields to map to the required logon information in the necessary order for this enterprise application. The number and the order of the fields are defined by the enterprise application logon requirements. For each field, do the following:
  7.          1.     Type a display name for each field as a reminder of the required information. For an individual user application definition, the display name is what the users see on the logon form when entering their credentials for the enterprise application. For a group application definition, the display name of the field is what the administrator sees when entering the mapped group account credentials for the enterprise application.
  2.          2.     If the field contains sensitive information, such as a password, click Yes for Mask so that the information is not displayed within this field when it is being filled in or viewed.
  For example, for access to Oracle, you might enter the following:
  Field 1 = Oracle user name
  Field 2 = Oracle user password (select Yes for the Mask option)
  Field 3 = Oracle database name
  If you need to access the SAP application, for SAP credentials you might enter the following:
  Field 1 = SAP user name
  Field 2 = SAP password (select Yes for the Mask option)
  Field 3 = SAP system number
  Field 4 = SAP client number
  Field 5 = language
       7.     Click OK.
  Step 5: Provide Account Information for an Application Definition
  After you have created the application definition, for group application definition you have to specify the logon account credentials. For individual application definitions, you can specify credentials for the users or, alternatively, the users may enter their credentials in the logon form on the first access.
  To specify the logon account information for the application definition, do the following:
       1.     On the SharePoint Portal Server Central Administration for server_name page, in the Component Configuration section, click Manage settings for single sign-on.
  Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration.
       2.     On the Manage Settings for Single Sign-On for server_name page, in the Enterprise Application Definition Settings section, click Manage account information for enterprise application definitions.
       3.     On the Manage Account Information for an Enterprise Application Definition page, in the Account Information section, do the following:
  4.          1.     In the Enterprise Application Definition list, select the name of the application definition. If you created the application definition to use an individual account, the User account name box is displayed on the page. If you created the application definition to use a group account, the Group account name box is displayed.
  2.          2.     In the User account name or Group account name box, type the account name that will be mapped to the application credentials.
  3.          3.     Click OK.
       4.     On the Provide application_definition_display_name Account Information page, in the Logon Information section, enter the credentials to be used for the logon to the enterprise application. The number, the order and the names of the fields displayed follow configuration in the Logon Account Information section of the application definition.
  Step 6: Enable the Single Sign-On Service on the Front-End Web Servers
  After you have configured the single sign-on settings on the job server, you need to enable the single sign-on service of the front-end Web servers. To enable the single sign-on service on each front-end Web server, follow the instructions given earlier in step 2, “Enable the Single Sign-On Service on the Job Server.”
  Managing Single Sign-On
  After you have configured the single sign-on for the first time, you are likely to need to perform administration tasks at a later stage, including the following:
  •     Creating and deleting the application definitions
  •     Managing account credentials mapped within the application definitions
  •     Regenerating, backing up, and restoring the encryption key
  •     Enabling auditing of the encryption key
  •     Disabling the SSOSrv service
  In this section, we will discuss the single sign-on administration tasks. If you need to change your single sign-on configuration, make sure you consider the following:
  •     The single sign-on configuration and encryption key management tasks cannot be done remotely. To configure single sign-on or manage the encryption key, go to the computer running as the job server and specify the settings locally.
  •     If you change the job server to another server, you must reconfigure single sign-on. After changing the job server, you must delete the entire registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ssosrv\Config on the old job server.
  •     If you reconfigure single sign-on and you want to change the account that you specified for managing the single sign-on service (the single sign-on administrator account), the user who reconfigures the single sign-on and the single sign-on service account must be a member of both the current single sign-on administrator account that manages the service and the new account that you want to specify.
  Editing an Application Definition
  You can edit the display name, the e-mail contact, and the logon fields for an enterprise application definition. You cannot edit the application definition name or change the account type.
  To edit an application definition, do the following:
       1.     On the SharePoint Portal Server Central Administration for server_name page, in the Component Configuration section, click Configure the Single Sign-on component and manage enterprise application definitions for portals.
  Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration.
       2.     On the Manage Settings for Single Sign-On for server_name page, in the Application Settings section, click Manage settings for enterprise application definitions.
       3.     On the Manage Enterprise Application Definitions page, rest the pointer on the display name for the application definition, and then click the arrow that appears.
       4.     On the menu that appears, click Edit.
       5.     On the Edit Enterprise Application Definition page, in the Application and Contact Information section, you can edit the display name and the e-mail contact.
       6.     In the Display Name box, type a display name for this application definition. The display name is what the user sees.
       7.     In the E-mail Contact box, type an e-mail address for users to contact for this application.
       8.     In the Account Information section, select one or more fields to map to the required logon information for this application definition.
       9.     Type a display name for each field as a reminder of the required information. The display names for the fields will appear on the logon page for the application.
       10.     To ensure that sensitive information, such as a password, is not displayed when viewing account information, click Yes for Mask?
       11.     Click OK.
  Deleting an Application Definition
  When you delete an application definition, it is removed from the single sign-on database. In addition, all credentials associated with the application definition are removed. To delete an application definition, do the following:
       1.     On the SharePoint Portal Server Central Administration for server_name page, in the Component Configuration section, click Configure the Single Sign-on component and manage enterprise application definitions for portals.
  Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration.
  2.          2.     On the Manage Settings for Single Sign-On for server_name page, in the Application Settings section, click Manage settings for enterprise application definitions.
  3.          3.     On the Manage Enterprise Application Definitions page, rest the pointer on the display name for the application definition, and then click the arrow that appears.
  4.          4.     On the menu that appears, click Delete.
  5.          5.     On the confirmation message box, click OK.
  Managing Account Information for an Application Definition
  You can update or delete individual account information for a single application definition, or you can remove an account from all application definitions.
  For group application definitions, you can update the account information, but you cannot remove the Windows account from a group application definition because there is a one-to-one correspondence between a group application definition and the account. If necessary, you can delete the group application definition.
  To manage account information for an application definition, do the following:
       1.     On the SharePoint Portal Server Central Administration for server_name page, in the Component Configuration section, click Manage settings for single sign-on.
  Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration.
       2.     On the Manage Settings for Single Sign-On for server_name page, in the Enterprise Application Definition Settings section, click Manage account information for enterprise application definitions.
       3.     On the Manage Account Information for an Enterprise Application Definition page, in the Account Information section, do the following:
  4.          1.     In the Enterprise Application Definition list, select the name of the application definition.
  2.          2.     If you created the application definition to use an individual account, the User account name box appears. If you created the application definition to use a group account, the Group account name box appears. In the User account name or Group account name box, type the account name to modify.
       4.     In the Enterprise Application Definition section, you can perform one of the three operations: update the account information for the application corresponding to this application definition, delete the stored credentials for this account for this application, and delete the stored credentials for this account from all application definitions.
     For individual application definitions, all three options are available. For group application definitions only the update option is available; both delete options are grayed out.
  To update the account information for this application, do the following:
       1.     Click Update account information.
       2.     Click OK.
       3.     On the Provide application_definition_display_name Account Information page, in the Logon Information section, enter the credentials to be used for the logon to the enterprise application. The number, the order, and the names of the fields displayed follow configuration in the Logon Account Information section of the application definition.
       4.     Click OK.
  To delete the stored credentials for this user account from this application definition, do the following:
  5.          1.     Click Delete stored credentials for this account from this enterprise application definition.
  2.          2.     Click OK.
  3.          3.     To delete the user credentials, click OK on the confirmation message box.
  To remove this user account credentials from all application definitions, do the following:
  4.          1.     Click Delete stored credentials for this account from all enterprise application definitions.
  2.          2.     Click OK.
  3.          3.     To delete the user credentials from all application definitions, click OK on the confirmation message box.
  Creating the Encryption Key
  The encryption key is used as part of the encryption process for credentials used with single sign-on. The key helps to decrypt encrypted credentials stored in the single sign-on database. The first time you configure single sign-on and enterprise application definitions on the Manage Server Settings for Single Sign-On page, the encryption key is created automatically. You can regenerate the key if the previous credentials are compromised or if you have a policy to change the key after a certain number of days.
  When you create an encryption key, you can choose to re-encrypt the existing credentials with the new key. When you re-encrypt the SSOSrv service credential store, events are logged in the Microsoft Windows Server 2003 application event log. Once re-encryption is initiated, you can monitor the application event log to verify that the credential store has been re-encrypted. Event ID 1032 is recorded in the application event log when re-encryption is started. Event ID 1033 is recorded in the application event log when re-encryption has ended. If there are any failures during re-encryption, an event is recorded in the log.
  If the job server is restarted or SSOSrv is stopped on the job server during the re-encryption process, you should look in the event log for errors. If the event log reports an error, you must restart the re-encryption process from the Manage Encryption Key page.
     If the re-encryption process is preempted in any way, it will have to be re-run. If the re-encryption process is preempted, it reverts back to its original state
  The re-encryption process is a long-running operation. It is recommended that you change or restore the encryption key during non-peak periods.
  During the re-encryption process, Write operations such as updating credentials and changing application definitions are not allowed. Read operations such as retrieving credentials continue to work as normal.
     To re-encrypt the existing credentials, the single sign-on service account must be a member of the Server Administrators server role on the SQL Server instance where the single sign-on database is located. For other requirements for single sign-on service account, refer to the section “Single Sign-On Service Account” earlier in this chapter.
  You cannot create the encryption key remotely. To re-generate the encryption key, go to the computer running as the job server, log on as the single sign-on administrator account, and do the following:
       1.     On the SharePoint Portal Server Central Administration for server_name page, in the Component Configuration section, click Manage settings for single sign-on.
  Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration.
       2.     On the Manage Settings for Single Sign-On for server_name page, in the Server Settings section, click Manage encryption key.
       3.     On the Manage Encryption Key page, in the Encryption Key Creation section, click Create Encryption Key.
       4.     On the Create Encryption Key page, to re-encrypt the credentials for the single sign-on database, select the Re-encrypt all credentials by using the new encryption key check box, and then click OK.
     If you do not re-encrypt the existing credentials with the new encryption key, users must retype their credentials for individual application definitions, and administrators for group application definitions must retype group credentials.
  Backing Up the Encryption Key
  After creating the encryption key, you should back it up. You must back up the key to a 3.5-inch floppy disk. You should lock up the backup disk for the encryption key in a safe place.
     Because the encryption key is the key that decrypts the encrypted credentials stored in the single sign-on database, the backup copy of the key should not be stored with the backup copy of the database. If a user obtains a copy of both the database and the key, the credentials stored in the database could be compromised.
  You cannot back up the encryption key remotely. To back up the encryption key, go to the computer running as the job server, log on as the single sign-on administrator account, and do the following:
       1.     On the SharePoint Portal Server Central Administration for server_name page, in the Component Configuration section, click Manage settings for single sign-on.
  Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration.
       2.     On the Manage Settings for Single Sign-On for server_name page, in the Server Settings section, click Manage encryption key.
       3.     Insert a 3.5-inch disk into a disk drive on the computer running as the job server.
       4.     On the Manage Encryption Key page, in the Encryption Key Backup section, in the Drive list, click the letter of the disk drive, and then click Back Up to back up the encryption key.
       5.     In the completion message box that appears, click OK.
       6.     Remove the 3.5-inch disk from the disk drive.
  Restoring the Encryption Key
  You cannot restore the encryption key remotely. To restore the encryption key, go to the computer running as the job server, log on as the single sign-on administrator account, and do the following:
       1.     On the SharePoint Portal Server Central Administration for Server server_name page, in the Component Configuration section, click Manage settings for single sign-on.
  Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration.
       2.     On the Manage Settings for Single Sign-On for Server server_name page, in the Server Settings section, click Manage encryption key.
       3.     Insert a 3.5-inch disk into a disk drive on the computer running as the job server.
       4.     On the Manage Encryption Key page, in the Encryption Key Restore section, in the Drive list, click the letter of the disk drive, and then click Restore to restore the encryption key.
       5.     Click OK.
  When the restore completes, the Manage Settings for Single Sign-On for Server server_name page appears.
       6.     Remove the 3.5-inch disk from the disk drive.
     Restoring the encryption key and re-encrypting the single sign-on credentials store with the restored key is a long-running process. It is recommended that you restore the encryption key during non-peak periods.
  Enabling Auditing for the Encryption Key
  You should enable auditing for the encryption key. Then, if the key is read or written to, there will be an audit trail in the security log in Microsoft Windows Server 2003 Event Viewer.
  To enable auditing for the encryption key, you need to modify the registry using regedit and then enable auditing using Group Policy Object Editor.
  To modify the registry, do the following:
  1.     On the taskbar, click Start, and then click Run.
  2.     Type regedit and then click OK.
  3.     In Registry Editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ssosrv\Config.
  4.     Right-click Config, and then click Permissions.
  5.     In the Permissions for Config dialog box, click Advanced.
  6.     In the Advanced Security Settings for Config dialog box, click the Auditing tab, and then click Add.
  7.     In the Select User, Computer, or Group dialog box, in the Enter the object name to select box, type everyone.
  8.     Click OK.
  9.     In the Auditing Entry for Config dialog box, in the Failed column, select the Full Control check box, and then click OK.
  10.     Click OK, and then click OK again to close all dialog boxes.
  11.     Close Registry Editor.
  To enable auditing, do the following:
       1.     On the taskbar, click Start, and then click Run.
       2.     Type mmc and then click OK.
       3.     In the console, on the File menu, click Add/Remove Snap-in.
       4.     In the Add/Remove Snap-in dialog box, on the Standalone tab, click Add.
       5.     In the Add Standalone Snap-in dialog box, in the Available Standalone Snap-ins list, click Group Policy Object Editor, and then click Add.
       6.     In the Select Group Policy Object dialog box, ensure that Local Computer appears in the Group Policy Object box, and then click Finish.
       7.     In the Add Standalone Snap-in dialog box, click Close.
       8.     In the Add/Remove Snap-in dialog box, click OK.
       9.     Expand the following nodes:
  •     Local Computer Policy
  •     Computer Configuration
  •     Windows Settings
  •     Security Settings
  •     Local Policies
  •     Audit Policy
       10.     In the details pane, double-click Audit object access.
       11.     In the Audit object access Properties dialog box, select the Failure check box, and then click OK.
  You can verify that auditing is working by doing the following:
  12.          1.     Log off.
  2.          2.     Log on as a user who should not have access to the registry key.
  3.          3.     Try to read the registry key.
  4.          4.     Look in the security log in Windows Server 2003 Event Viewer for audit entries.
  Disabling the Single Sign-On Service
  To disable the single sign-on service on the server farm, you must disable it on each front-end Web server, on the job server, and on any server running the single sign-on service.
  If you want to delete all credentials associated with application definitions, you must delete each enterprise application definition.
  To disable the single sign-on service, do the following on each front-end Web server, job server, and any server running the single sign-on service:
       1.     On the taskbar, click Start, point to Administrative Tools, and then click Services.
       2.     On the Services management console, double-click Microsoft Single Sign-on Service.
       3.     On the General tab, in the Startup type list, click Manual.
       4.     In the Service status section, click Stop.
       5.     Click OK.
  Creating a Web Part That Uses Single Sign-On
  After you have configured the single sign-on and created the application definitions, you need to develop a Web Part that implements the single sign-on functionality and retrieves information from the corresponding back-end application programmatically.
  SharePoint Portal Server 2003 provides a programming interface for developers to use and extend the single sign-on feature. There are two namespaces provided solely for interaction with the single sign-on functionality, as well as one class in a more generic Microsoft.SharePoint.Portal namespace, as follows:
       •     The Microsoft.SharePoint.Portal.SingleSignOn namespace contains core classes that allow you to work with account credentials and application definitions in the single sign-on credentials store. These core classes and their functionality are listed in Table 26-1. The required assembly is Microsoft.SharePoint.Portal.SingleSignon, located in Microsoft.SharePoint.Portal.SingleSignon.dll.
       •     The Microsoft.SharePoint.Portal.SingleSignOn.Security namespace contains two classes that control the ability to access Single Sign-On resources programmatically from the code. These two classes and their functionality are listed in Table 26-2. The required assembly is Microsoft.SharePoint.Portal.SingleSignOn.Security, located in Microsoft.SharePoint.Portal.SingleSignOn.Security.dll.
       •     The SingleSignonLocator class in the Microsoft.SharePoint.Portal namespace allows you to locate a URL for the logon form for the SSOSrv service. It has the GetCredentialEntryUrl(strAppName, [port]) method that returns the URL for the logon form for a given application definition. The method takes two parameters: strAppName, which is a name of an application that is configured in the corresponding application definition, and the optional port number for SSL. If you do not specify the port number, and SSL is not enabled on the server, the port number will default to port 80 (that is, the port value will be omitted from the URL). If the second parameter is absent and SSL is enabled on the server, the port number is assumed to be the standard SSL port 443. However, if you require the URL returned to be formatted for SSL on a particular port, you need to specify it. For example, you would pass the specified port when the system cannot detect which SSL port to use, such as when multiple SSL port mappings exist. The required assembly for this class is Microsoft.SharePoint.Portal, located in Microsoft.SharePoint.Portal.dll.
  Table 26-1. Microsoft.SharePoint.Portal.SingleSignOn Namespace Core Classes
  Class     Description
  Application     Exposes functionality to add, get, and delete enterprise application definitions
  Credentials     Exposes functionality to manage user and group credentials and access tokens
  SSOReturnCodes     Contains all the return codes for SSOSrv service that the SingleSignonException class will throw
  SingleSignonException     Instantiates an exception from the SSOSrv ser vice with a specific error code
  Table 26-2. Microsoft.SharePoint.Portal.SingleSignOn Security Namespace Classes
  Class     Description
  SingleSignOnPermission      Allows security actions for SingleSignOnPer mission to be applied to code using declarative security.
  SingleSignOnPermissionAt tribute     Represents a custom permission that controls the ability to access Microsoft SharePoint Products and Technologies resources to manage user and group credentials and access tokens.
  For example, let’s look into a code in the Web Part that retrieves the account credentials for a back-end enterprise application from the single sign-on credentials database. The corresponding application definition is configured to use individual accounts. The code checks whether a requesting user’s credentials have already been stored in the single sign-on credential database. If not, the user is redirected to the Single Sign-On logon form to enter the required credentials for accessing the back-end application.
  The code should implement the following sequence:
       1.     Call the GetCredentials method of the Credentials class. Specify the application name for which the credentials need to be retrieved from the single sign-on database.
       2.     If the SSOSrv service cannot find credentials for the user for the enterprise application specified, the GetCredentials method throws a SingleSignonException. If the LastErrorCode property of the SingleSignonException is SSO_E_CREDS_NOT_FOUND, call the GetCredentialEntryUrl(String) method—or the GetCredentialEntryUrl(String, Int) method—of the SingleSignonLocator class to build the URL to the single sign-on logon form.
       3.     After the URL for the logon form has been retrieved, redirect the browser to this URL. The logon form is created by the SSOSrv service. It prompts the user to enter credentials for the enterprise application in a number of fields. The order, the number and the display names for these fields are configured within the application definition under Logon Account Information. For example, if the enterprise application uses user name and password for authentication, two fields will be present in the logon form. For SAP, you may need five fields. After the SSOSrv service saves the credentials, the form redirects control back to the original Web Part.
  The code in your Web Part will be similar to the following example that shows how to redirect the user to the logon form to save credentials for an enterprise application called SampleApp:
  protected override void RenderWebPart(HtmlTextWriter writer) //RenderWebPart
    string[] rgGetCredentialData = null;
    try
    //Try to get the credentials for this application.
    //Before running this code, make sure that an individual
    //application definition for application called "SampleApp"
    //has been added.
      Credentials.GetCredentials(1,"SampleAPP", ref rgGetCredentialData);
    catch (SingleSignonException ssoe)
    //This exception will be thrown if this user does not have
    //credentials for the "SampleApp" application.
      if(SSOReturnCodes.SSO_E_CREDS_NOT_FOUND == ssoe.LastErrorCode)
        //Send the user to the single sign-on logon form. 
        //The logon form will:
        //- Prompt the user for credentials for this application
        //- Save credentials for this user for this application
        //- Then redirect the user back to this Web Part
          string strSSOLogonFormUrl = SingleSignonLocator.GetCredentialEntryUrl
            ("MyIndividualApplicationID");
          writer.Write("<a href=" + strSSOLogonFormUrl +">Click here to save your
           credentials for the Enterprise Application.</a>");
          writer.WriteLine();
  After the user credentials for the enterprise application have been stored in the single sign-on database, the custom code in the Web Part should retrieve the credentials using GetCredentials method, then submit them to the enterprise application in a manner that is relevant to this application, then retrieve the necessary data from this application, and then finally render the data in the Web Part. Referring back to Figure 26-1 that shows eight steps described in the section “How Single Sign-On Works,” the preceding code corresponds to steps 1 through 5. In addition to this code, you have to implement steps 6 through 8.
  Your code for interacting with the enterprise application such as submitting credentials and retrieving information will be different depending on the type of application you are accessing. You need to consider that in an enterprise environment, where a user interacts with many systems and applications, it is likely that the environment does not maintain the user context through multiple processes, products, and computers. This user context is crucial to provide single sign-on capabilities because it is necessary to verify who initiated the original request. To overcome this problem, SharePoint Portal Server provides ability to use a Single Sign-On (SSO) ticket (not a Kerberos ticket). An SSO ticket is an encrypted access token that can be used to get the credentials that correspond to the user who made the original request. Also, in the enterprise environment you might consider using Microsoft BizTalk Server as a transformation engine for the authentication requests, as well as requests for data, between your Web Part and a format that is understood by the enterprise application.
  An example of such enterprise application integration (EAI) infrastructure is shown in Figure 26-2. In this scenario, a Web Part gets the information from a line of business (LOB) back-end application using BizTalk Server 2004. The LOB application requires authentication. In this example, we will assume that the enterprise application definition for the LOB application has already been created, and the user credentials have been stored in the SSO database.
  The authentication process shown in Figure 26-2 consists of several steps, as follows:
       1.     The Web Part calls Microsoft.SharePoint.Portal.SingleSignon.Credentials.ReserveCredentialTicket() with the user. This method reserves a credential ticket for the user and then returns an encrypted access token (SSO ticket) to the calling Web Part.
       2.     The Web Part passes the SSO ticket to the BizTalk Server 2004 native SOAP adapter by calling a Web service that runs on BizTalk Server. The SSO ticket is passed within the header of the SOAP request. When the SOAP adapter receives a request containing an SSO ticket, the ticket is stored as the SSO Ticket property in the conte

• I'm having a problem with coreaudiotoolbox and corevideo.dll.

  I'm having a problem with coreaudiotoolbox and corevideo.dll. PC was corrupted, I restored. Now when I launch Safari, I run into errors, can't find these two dll files. Itunes won't download at all because it says something is missing but won't say what. Now what do I do? Apple won't help because they want $50 dollars just to talk with me and I've been down that road before and to no satisfaction. Help please!!

  Taken at face value, you're having trouble with Apple Application Support program files there. (Apple Application Support is where single copies of program files used by multiple different Apple programs are kept, so an AAS problem can affect both iTunes and Safari.)
  Let's try something relatively simple first. Restart the PC. Now head into your Add or Remove programs control panel, select "Apple Application Support", click "Change" and then click Repair.
  If no joy after that, try the more rigorous uninstall/reinstall procedure from the following post (although it's for Vista and 7, just read "Computer" as "My Computer", read "Uninstall a program control panel" as "Add or Remove programs control panel" and assume the system is 32-bit, and you'll be doing the right things):
  Re: I recently updated to vista service pack 2 and I updated to itunes 10.2.1 and ever since I did that my itunes won't open any more.  Itunes starts but before anything loads a window pops up saying that the prograam has encountered a problem and sh...

• Problem with Class and Classpath

  Hello ME Windows Users, now before you place a wry smile on your face, I have a problem with path and classpath. Stop it, I can see you smiling!
  By visiting the the last 10 pages of the forum and reading Sun installation notes, some tooldocs and by given some answers by some nice people, I have become an expert in turning off my computer, about 10 times/hr. I still am trying to make my first cup of java.
  With the ME computer,
  I'm unable to right click on the desktop and go to properties, advanced,
  I'm unable to go go start, run, sysedit,
  I'm unable to change the ms-dos window of autoexec.bat, it just shuts down.
  Now before you tell me, I should of bought a different computer, the only place I can find to modify the path and classpath is in the environment which is in system configuration under tools. Here I have placed numerous configurations, like
  C:\java>set path=%path%;c:\j2sdk1.4.2\bin
  C:\java>set classpath=%classpath%;.;
  ;java_dir\bin where ;java_bin is c:\j2sdk1.4.2
  .; java_dir\bin; %path% where ;java_bin is c:\j2sdk1.4.2 and the list goes on.
  But, I know you are still smiling, the % signs comes up in a dialog box, saying too many, and will not convert the text to the environment to be saved when I close down for the tenth time in the last hour.
  Can someone help me before I make a real cup of coffee and accidentally drop it on the ME box.
  Have a laugh on me Mik.

  C:\java>set path=%path%;c:\j2sdk1.4.2\binGood
  But it is no good because it has to many % and a dialog box appears, saying you have too many parameters.
  Are you saying I have to shutdown again to answer your ?
  From the HELP menu-
  To confirm startup commands line by line
  Click Start, and then click Shut down.
  Click Restart, click OK, and then press and hold the CTRL key until the Windows Startup Menu appears.
  Enter the number for Step-by-step confirmation, and then press ENTER.
  For each command you want to run, press Y.
  If the command runs successfully, you are prompted with the next command.
  If the command does not run successfully, you receive an error message.
  To skip a command, press N.
  Mik

• Problems with RAC and XA: Fallback

  Hello,
  we are seing problems with RAC and XA (Tuxedo 11, DB 11.2), specifically encountering "ORA-24798: cannot resume the distributed transaction branch on another instance".
  The first scenario relates to fallback after a RAC node failure. There are two servers, S1 and S2. S1 makes an ATMI call to S2. Both servers are in the same Tuxedo group, using TMS_ORA. RAC is set up for failover (BASIC), no load balancing.
  The sequence is:
  - S1 and S2 are connected to the same RAC node n1. All is well.
  - RAC node n1 fails. S1, S2 and the TMS_ORA all fail over to RAC node n2. After the failover has happened, all is well.
  - RAC node n1 recovers. All is still well (as there is no automatic fallback).
  - S1 (or S2) is restarted (either intentionally or because of a crash). Since n1 is up again, S1 connects to n1. Now we get ORA-24798. Permanently.
  S1 is connected to n1 and S2 is connected to n2. Since both are in the same group, both use the same XA transaction branch. When called, S2 attempts to JOIN the transaction branch that S1 started. But the DB (11.2) does not allow the same branch to span more than one node. Hence the ORA-24798.
  This seems to be a severe limitation in the combination of Tuxedo, XA and RAC. It basically means we still have to use DTP services, even with Tuxedo 11 and DB 11.2. Or are we missing something?
  We could put S1 and S2 into different groups, but that seems to be inefficient, and not practical for a real application (10s of servers).
  I am extrapolating from this that RAC load balancing would also not work, as S1 and S2 could be connected to different RAC nodes.
  Roger

  Roger,
  When using an external transaction manager such as Tuxedo you should still declare Oracle services as DTP services when using Oracle Database 11g. The Tuxedo documentation is not clear about this. The relevant 11gR2 RAC documentation is at http://download.oracle.com/docs/cd/E11882_01/rac.112/e16795/hafeats.htm and states
  "An XA transaction can span Oracle RAC instances by default, allowing any application that uses the Oracle XA library to take full advantage of the Oracle RAC environment to enhance the availability and scalability of the application.
  "GTXn background processes support global (XA) transactions in an Oracle RAC environment. The GLOBAL_TXN_PROCESSES initialization parameter, which is set to 1 by default, specifies the initial number of GTXn background processes for each Oracle RAC instance. Use the default value for this parameter clusterwide to allow distributed transactions to span multiple Oracle RAC instances. Using the default value allows the units of work performed across these Oracle RAC instances to share resources and act as a single transaction (that is, the units of work are tightly coupled). It also allows 2PC requests to be sent to any node in the cluster.
  "Before Release 11.1, the way to achieve tight coupling in Oracle RAC was to use Distributed Transaction Processing (DTP) services, that is, services whose cardinality (one) ensured that all tightly-coupled branches landed on the same instance—regardless of whether load balancing was enabled. Tightly coupled XA transactions no longer require the special type of singleton services to be deployed on Oracle RAC databases if the XA application does not join or resume XA transaction branches. XA transactions are transparently supported on Oracle RAC databases with any type of service configuration.
  A"n external transaction manager, such as Oracle Services for Microsoft Transaction Server (OraMTS), coordinates DTP/XA transactions. However, an internal Oracle transaction manager coordinates distributed SQL transactions. Both DTP/XA and distributed SQL transactions must use the DTP service in Oracle RAC."
  This issue came up earlier this year in another newsgroup thread at https://forums.oracle.com/forums/thread.jspa?threadID=2165803
  Regards,
  Ed

• Tp ended with error code 0247 - addtobuffer has problems with data- and/or

  Hello Experts,
  If you give some idea, it will be greatly appreciated.
  This transported issue started coming after power outage, sap system went hard shutdown.
  Then we brought up the system. Before that , we do not have this transport issue.
  our TMS landscape is
  DEV QA-PRD
  SED-SEQSEP
  DEV is having the TMS domain controller.
  FYI:
  *At OS level, when we do scp command using root user, it is fine for any TR.
  In STMS, while adding TR in SEQ(QA system), we  are getting error like this.
  Error:
  Transport control program tp ended with error code 0247
       Message no. XT200
  Diagnosis
       An error occurred when executing a tp command.
         Command:        ADDTOBUFFER SEDK906339 SEQ client010 pf=/us
         Return code:    0247
         Error text:     addtobuffer has problems with data- and/or
         Request:        SEDK906339
  System Response
       The function terminates.
  Procedure
       Correct the error and execute the command again if necessary.
  This is tp version 372.04.71 (release 700, unicode enabled)
  Addtobuffer failed for SEDK906339.
    Neither datafile nor cofile exist (cofile may also be corrupted).
  standard output from tp and from tools called by tp:
  tp returncode summary:
  TOOLS: Highest return code of single steps was: 0
  ERRORS: Highest tp internal error was: 0247

  when we do scp using sm69,
  SEDADM@DEVSYS:/usr/sap/trans/cofiles/K906339.SED SEQADM@QASYS:/usr/sap/trans/cofiles/.
  it throws the error like below,
  Host key verification failed.
                                                                                  External program terminated with exit code 1
  Thanks
  Praba

• Problems with SwingWorker and classes in my new job, ;), can you help me?

  Hi all, ;)
  First of all, sorry about my poor English.
  I have a problem with Swing and Threads, I hope you help me (because I'm in the firsts two weeks in my new job)
  I have two classes:
  Form1: Its a JPanel class with JProgressBar and JLabel inside.
  FormularioApplet: (the main) Its a JPanel class with a form1 inside.
  I have to download a file from a server and show the progress of the download in the JProgressBar. To make it I do this:
  In Form1 I make a Thread that update the progress bar and gets the fole from the server.
  In FormularioApplet (the main) I call to the method getDownloadedFile from Form1 to get the File.
  THE PROBLEM:
  The execution of FormularioApplet finishes before the Thread of Form1 (with download the file) download the file. Then, when I call in FormularioApplet the variable with the file an Exception: Exception in thread "AWT-EventQueue-1" java.lang.NullPointerException is generated.
  First main begins his execution, then call to Form1 (a thread) then continues his execution and when the execution is finished ends the execution os Form1 and his thread.
  How can I do for main class call the function and the Thread download his file after main class assign the file of return method?
  How can I pass information froma class include an a main class. Form1 can't send to main (because main class made a Form1 f1 = new Form1()) any information from his end of the execution. I think if Form1 can say to main class that he finishes is job, then main class can gets the file.
  I put in bold the important lines.
  Note: My level of JAVA, you can see, is not elevated.
  THANKS A LOT
  Form1 class:
  package es.cambrabcn.signer.gui;
  import java.awt.HeadlessException;
  import java.io.ByteArrayOutputStream;
  import java.io.IOException;
  import java.io.InputStream;
  import java.net.MalformedURLException;
  import java.net.URL;
  import java.util.StringTokenizer;
  import java.util.Vector;
  import javax.swing.SwingUtilities;
  public class Form1 extends javax.swing.JPanel {
      //Variables relacionadas con la clase original DownloadProgressBar
      private InputStream file;
      private int totalCicles;
      private int totalFiles;
      private int currentProgress;
      private SwingWorker worker;
      private ByteArrayOutputStream byteArray;
      private boolean done;
      /** Creates new form prueba */
      public Form1() {
          initComponents();
          this.byteArray = new ByteArrayOutputStream();
          progressBar.setStringPainted(true);
          //this.totalFiles = totalFiles;
          currentProgress = 0;
      /** This method is called from within the constructor to
       * initialize the form.
       * WARNING: Do NOT modify this code. The content of this method is
       * always regenerated by the Form Editor.
      // <editor-fold defaultstate="collapsed" desc=" C�digo Generado ">                         
      private void initComponents() {
          label1 = new javax.swing.JLabel();
          progressBar = new javax.swing.JProgressBar();
          statusLabel = new javax.swing.JLabel();
          setBackground(new java.awt.Color(255, 255, 255));
          setMaximumSize(new java.awt.Dimension(300, 150));
          setMinimumSize(new java.awt.Dimension(300, 150));
          setPreferredSize(new java.awt.Dimension(300, 150));
          label1.setFont(new java.awt.Font("Arial", 1, 18));
          label1.setHorizontalAlignment(javax.swing.SwingConstants.CENTER);
          label1.setText("Barra de progreso");
          statusLabel.setHorizontalAlignment(javax.swing.SwingConstants.CENTER);
          statusLabel.setText("Cargando");
          org.jdesktop.layout.GroupLayout layout = new org.jdesktop.layout.GroupLayout(this);
          this.setLayout(layout);
          layout.setHorizontalGroup(
              layout.createParallelGroup(org.jdesktop.layout.GroupLayout.LEADING)
              .add(org.jdesktop.layout.GroupLayout.TRAILING, layout.createSequentialGroup()
                  .addContainerGap()
                  .add(layout.createParallelGroup(org.jdesktop.layout.GroupLayout.TRAILING)
                      .add(org.jdesktop.layout.GroupLayout.LEADING, statusLabel, org.jdesktop.layout.GroupLayout.DEFAULT_SIZE, 280, Short.MAX_VALUE)
                      .add(org.jdesktop.layout.GroupLayout.LEADING, progressBar, org.jdesktop.layout.GroupLayout.DEFAULT_SIZE, 280, Short.MAX_VALUE)
                      .add(org.jdesktop.layout.GroupLayout.LEADING, label1, org.jdesktop.layout.GroupLayout.DEFAULT_SIZE, 280, Short.MAX_VALUE))
                  .addContainerGap())
          layout.setVerticalGroup(
              layout.createParallelGroup(org.jdesktop.layout.GroupLayout.LEADING)
              .add(layout.createSequentialGroup()
                  .addContainerGap()
                  .add(label1)
                  .addPreferredGap(org.jdesktop.layout.LayoutStyle.RELATED)
                  .add(progressBar, org.jdesktop.layout.GroupLayout.PREFERRED_SIZE, org.jdesktop.layout.GroupLayout.DEFAULT_SIZE, org.jdesktop.layout.GroupLayout.PREFERRED_SIZE)
                  .addPreferredGap(org.jdesktop.layout.LayoutStyle.RELATED)
                  .add(statusLabel)
                  .addContainerGap(73, Short.MAX_VALUE))
      }// </editor-fold>                       
      // Declaraci�n de variables - no modificar                    
      private javax.swing.JLabel label1;
      private javax.swing.JProgressBar progressBar;
      private javax.swing.JLabel statusLabel;
      // Fin de declaraci�n de variables                  
      public byte[] getDownloadedFile(String documentToSign){
           //Variables locales
           byte puente[] = null;
           try{
              //Leemos el documento a firmar
              StringTokenizer st = new StringTokenizer(documentToSign, ";");
              Vector<URL> fileURL = new Vector<URL>();
              HttpSender sender = new HttpSender(null);
              //Introducimos la lista de URLs de archivos a bajar en el objeto Vector
              for(; st.hasMoreTokens(); fileURL.add(new URL(st.nextToken())));
              //Para cada URL descargaremos un archivo
              for(int i = 0; i < fileURL.size(); i++) {
                  file = sender.getMethod((URL)fileURL.get(i));
                  if(file == null) {
                      Thread.sleep(1000L);
                      throw new RuntimeException("Error descarregant el document a signar.");
                  System.out.println("Form1 Dentro de getDownloadFile, Antes de startDownload()");
                  //Fijamos el valor del n�mero de ciclos que se har�n seg�n el tama�o del fichero
                  this.totalCicles = sender.returnCurrentContentLength() / 1024;
                  this.progressBar.setMaximum(totalCicles);
                  //Modificamos el texto del JLabel seg�n el n�mero de fichero que estemos descargando
                  this.statusLabel.setText((new StringBuilder("Descarregant document ")).append(i + 1).append(" de ").append(fileURL.size()).toString());
                  statusLabel.setAlignmentX(0.5F);
                  *//Iniciamos la descarga del fichero, este m�todo llama internamente a un Thread*
                  *this.startDownload();*
                  *System.out.println("Form1 Dentro de getDownloadFile, Despu�s de startDownload()");*
                  *//if (pane.showProgressDialog() == -1) {*
                  *while (!this.isDone()){*
                      *System.out.println("No est� acabada la descarga");*
                      *if (this.isDone()){*
                          *System.out.println("Thread ACABADO --> Enviamos a puente el archivo");*
                          *puente = this.byteArray.toByteArray();*
                          *System.out.println("Form1 getDownloadFile() tama�o puente: " + puente.length);*
                      *else{*
                          *Thread.sleep(5000L);*
  *//                        throw new RuntimeException("Proc�s de desc�rrega del document a signar cancel�lat.");*
          catch (HeadlessException e) {
                  //javascript("onSignError", new String[] {
                  //(new StringBuilder("UI: ")).append(e.getMessage()).toString()});
          e.printStackTrace();
          catch (MalformedURLException e) {
                  //javascript("onSignError", new String[] {
                  //(new StringBuilder("CMS: ")).append(e.getMessage()).toString()});
          e.printStackTrace();
          catch (HttpSenderException e) {
                  //javascript("onSignError", new String[] {
                  //(new StringBuilder("CMS: ")).append(e.getMessage()).toString()});
          e.printStackTrace();
          catch (InterruptedException e) {
                  //javascript("onSignError", new String[] {
                  //(new StringBuilder("CMS: ")).append(e.getMessage()).toString()});
          e.printStackTrace();
          //System.out.println("Form1 getDownloadFile() tama�o puente: " + puente.length);
          return puente;
      public void updateStatus(final int i){
          Runnable doSetProgressBarValue = new Runnable() {
              public void run() {
                  progressBar.setValue(i);
          SwingUtilities.invokeLater(doSetProgressBarValue);
      public void startDownload() {
          System.out.println("Form1 Inicio startDownload()");
          System.out.println("Form1 Dentro de startDownload, antes de definir la subclase SwingWorker");
          System.out.println(done);
          worker = new SwingWorker() {
              public Object construct() {
                  System.out.println("Form1 Dentro de startDownload, dentro de construct(), Antes de entrar en doWork()");
                  return doWork();
              public void finished() {
                  System.out.println("Form1 Dentro de startDownload, dentro de finished(), Antes de asignar done = true");
                  System.out.println(done);
                  done = true;
                  System.out.println("Form1 Dentro de startDownload, dentro de finished(), Despu�s de asignar done = true");
                  System.out.println(done);
                  statusLabel.setText("Completado, tama�o del archivo: " + (byteArray.size() / 1024) + "KB");
          System.out.println("Form1 Dentro de startDownload, antes de worker.start()");
          worker.start();
          System.out.println("Form1 Dentro de startDownload, antes de salir de startDownload");
          System.out.println(done);
          System.out.println("Form1 Dentro de startDownload, despu�s de worker.start()");
       * M�todo doWork()
       * Este m�todo descarga por partes el archivo que es necesario descargar, adem�s de actualizar
       * la barra de carga del proceso de carga de la GUI.
      public Object doWork() {
          System.out.println("Form1 doWork() this.byteArray.size(): " + this.byteArray.size());
          try {
              byte buffer[] = new byte[1024];
              for(int c = 0; (c = this.file.read(buffer)) > 0;) {
                  this.currentProgress++;
                  updateStatus(this.currentProgress);
                  this.byteArray.write(buffer, 0, c);
              this.byteArray.flush();
              this.file.close();
              this.currentProgress = totalCicles;
              updateStatus(this.currentProgress);
          } catch(IOException e) {
              e.printStackTrace();
          System.out.println("Form1 doWork() FINAL this.byteArray.size(): " + this.byteArray.size());
          //done = true;
          System.out.println("AHORA DONE = TRUE");
          return "Done";
      public boolean isDone() {
          return this.done;
  FormularioApplet class (main)
  package es.cambrabcn.signer.gui;
  import java.awt.Color;
  import java.io.File;
  import java.io.FileNotFoundException;
  import java.io.IOException;
  import java.net.URL;
  import java.security.Security;
  import java.util.StringTokenizer;
  import java.util.Vector;
  import javax.swing.SwingUtilities;
  import netscape.javascript.JSObject;
  import org.bouncycastle.jce.provider.BouncyCastleProvider;
  import sun.security.provider.Sun;
  import be.cardon.cryptoapi.provider.CryptoAPIProvider;
  public class FormularioApplet extends java.applet.Applet {
      //Variables globales
      int paso = 0;
      private static final String JS_ONLOAD = "onLoad";
      private static final String JS_ONLOADERROR = "onLoadError";
      private static final int SIGNATURE_PDF = 1;
      private static final int SIGNATURE_XML = 2;
      //private String signButtonValue;
      private int signatureType;
      private String documentToSign;
      private String pdfSignatureField;
      private Vector<String> outputFilename;
      private Color appletBackground = new Color(255, 255, 255);
      private Vector<byte[]> ftbsigned;
       * Initializes the applet FormularioApplet
      public void init(){
          try {
              SwingUtilities.invokeLater(new Runnable() {
              //SwingUtilities.invokeAndWait(new Runnable() {
              //java.awt.EventQueue.invokeAndWait(new Runnable() {
                  public void run() {
                      try{
                          readParameters();
                          initComponents();
                      catch(FileNotFoundException e){
                          javascript(JS_ONLOADERROR, new String[] {
                              (new StringBuilder("Init: ")).append(e.getMessage()).toString()});
                          e.printStackTrace();                       
                      catch(IOException e) {
                          javascript(JS_ONLOADERROR, new String[] {
                              (new StringBuilder("Init: ")).append(e.getMessage()).toString()});
                          e.printStackTrace();
          catch (Exception e) {
              javascript(JS_ONLOADERROR, new String[] {
                  (new StringBuilder("Init: ")).append(e.getMessage()).toString()});
              e.printStackTrace();
          javascript(JS_ONLOAD, null);
      /** This method is called from within the init() method to
       * initialize the form.
       * WARNING: Do NOT modify this code. The content of this method is
       * always regenerated by the Form Editor.
      // <editor-fold defaultstate="collapsed" desc=" C�digo Generado ">
      private void initComponents() {
          this.setSize(350, 450);
          appletPanel = new javax.swing.JPanel();
          jPanel1 = new javax.swing.JPanel();
          jTextField1 = new javax.swing.JLabel();
          jPanel2 = new javax.swing.JPanel();
          label = new javax.swing.JLabel();
          jPanel3 = new javax.swing.JPanel();
          jButton1 = new javax.swing.JButton();
          jButton2 = new javax.swing.JButton();
          setLayout(new java.awt.BorderLayout());
          appletPanel.setBackground(new java.awt.Color(255, 255, 255));
          appletPanel.setMaximumSize(new java.awt.Dimension(350, 430));
          appletPanel.setMinimumSize(new java.awt.Dimension(350, 430));
          appletPanel.setPreferredSize(new java.awt.Dimension(350, 430));
          jPanel1.setBackground(new java.awt.Color(255, 255, 255));
          jPanel1.setBorder(javax.swing.BorderFactory.createLineBorder(new java.awt.Color(0, 102, 204)));
          jTextField1.setFont(new java.awt.Font("Arial", 1, 18));
          jTextField1.setHorizontalAlignment(javax.swing.SwingConstants.CENTER);
          jTextField1.setText("SIGNATURA ELECTRONICA");
          org.jdesktop.layout.GroupLayout jPanel1Layout = new org.jdesktop.layout.GroupLayout(jPanel1);
          jPanel1.setLayout(jPanel1Layout);
          jPanel1Layout.setHorizontalGroup(
              jPanel1Layout.createParallelGroup(org.jdesktop.layout.GroupLayout.LEADING)
              .add(jPanel1Layout.createSequentialGroup()
                  .addContainerGap()
                  .add(jTextField1, org.jdesktop.layout.GroupLayout.DEFAULT_SIZE, 308, Short.MAX_VALUE)
                  .addContainerGap())
          jPanel1Layout.setVerticalGroup(
              jPanel1Layout.createParallelGroup(org.jdesktop.layout.GroupLayout.LEADING)
              .add(jPanel1Layout.createSequentialGroup()
                  .addContainerGap()
                  .add(jTextField1, org.jdesktop.layout.GroupLayout.DEFAULT_SIZE, 24, Short.MAX_VALUE)
                  .addContainerGap())
          jPanel2.setBackground(new java.awt.Color(255, 255, 255));
          jPanel2.setBorder(javax.swing.BorderFactory.createLineBorder(new java.awt.Color(0, 102, 204)));
          label.setHorizontalAlignment(javax.swing.SwingConstants.CENTER);
          label.setIcon(new javax.swing.ImageIcon("C:\\java\\workspaces\\cambrabcn\\firmasElectronicas\\logo.gif"));
          org.jdesktop.layout.GroupLayout jPanel2Layout = new org.jdesktop.layout.GroupLayout(jPanel2);
          jPanel2.setLayout(jPanel2Layout);
          jPanel2Layout.setHorizontalGroup(
              jPanel2Layout.createParallelGroup(org.jdesktop.layout.GroupLayout.LEADING)
              .add(jPanel2Layout.createSequentialGroup()
                  .addContainerGap()
                  .add(label, org.jdesktop.layout.GroupLayout.DEFAULT_SIZE, 308, Short.MAX_VALUE)
                  .addContainerGap())
          jPanel2Layout.setVerticalGroup(
              jPanel2Layout.createParallelGroup(org.jdesktop.layout.GroupLayout.LEADING)
              .add(jPanel2Layout.createSequentialGroup()
                  .addContainerGap()
                  .add(label)
                  .addContainerGap(229, Short.MAX_VALUE))
          jPanel3.setBackground(new java.awt.Color(255, 255, 255));
          jPanel3.setBorder(javax.swing.BorderFactory.createLineBorder(new java.awt.Color(0, 102, 204)));
          //this.jButton1.setVisible(false);
          //this.jButton2.setVisible(false);
          jButton1.setText("Seg\u00fcent");
          jButton1.setAlignmentX(0.5F);
          //Cargamos el primer formulario en el JPanel2
          loadFirstForm();
          //Modificamos el texto del bot�n y el contador de pasos.
          //this.jButton1.setText("Siguiente");
          //this.jButton1.setVisible(true);
          //this.jButton2.setVisible(true);
          jButton1.addActionListener(new java.awt.event.ActionListener() {
              public void actionPerformed(java.awt.event.ActionEvent evt) {
                  jButton1ActionPerformed(evt);
          jButton2.setText("Cancel\u00b7lar");
          jButton2.addActionListener(new java.awt.event.ActionListener() {
              public void actionPerformed(java.awt.event.ActionEvent evt) {
                  jButton2ActionPerformed(evt);
          org.jdesktop.layout.GroupLayout jPanel3Layout = new org.jdesktop.layout.GroupLayout(jPanel3);
          jPanel3.setLayout(jPanel3Layout);
          jPanel3Layout.setHorizontalGroup(
              jPanel3Layout.createParallelGroup(org.jdesktop.layout.GroupLayout.LEADING)
              .add(org.jdesktop.layout.GroupLayout.TRAILING, jPanel3Layout.createSequentialGroup()
                  .addContainerGap()
                  .add(jButton1, org.jdesktop.layout.GroupLayout.PREFERRED_SIZE, 94, org.jdesktop.layout.GroupLayout.PREFERRED_SIZE)
                  .addPreferredGap(org.jdesktop.layout.LayoutStyle.RELATED, 112, Short.MAX_VALUE)
                  .add(jButton2, org.jdesktop.layout.GroupLayout.PREFERRED_SIZE, 102, org.jdesktop.layout.GroupLayout.PREFERRED_SIZE)
                  .addContainerGap())
          jPanel3Layout.setVerticalGroup(
              jPanel3Layout.createParallelGroup(org.jdesktop.layout.GroupLayout.LEADING)
              .add(org.jdesktop.layout.GroupLayout.TRAILING, jPanel3Layout.createSequentialGroup()
                  .addContainerGap()
                  .add(jPanel3Layout.createParallelGroup(org.jdesktop.layout.GroupLayout.BASELINE)
                      .add(jButton2)
                      .add(jButton1))
                  .addContainerGap())
          org.jdesktop.layout.GroupLayout appletPanelLayout = new org.jdesktop.layout.GroupLayout(appletPanel);
          appletPanel.setLayout(appletPanelLayout);
          appletPanelLayout.setHorizontalGroup(
              appletPanelLayout.createParallelGroup(org.jdesktop.layout.GroupLayout.LEADING)
              .add(org.jdesktop.layout.GroupLayout.TRAILING, appletPanelLayout.createSequentialGroup()
                  .addContainerGap()
                  .add(appletPanelLayout.createParallelGroup(org.jdesktop.layout.GroupLayout.TRAILING)
                      .add(org.jdesktop.layout.GroupLayout.LEADING, jPanel2, org.jdesktop.layout.GroupLayout.DEFAULT_SIZE, org.jdesktop.layout.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
                      .add(org.jdesktop.layout.GroupLayout.LEADING, jPanel1, org.jdesktop.layout.GroupLayout.DEFAULT_SIZE, org.jdesktop.layout.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
                      .add(org.jdesktop.layout.GroupLayout.LEADING, jPanel3, org.jdesktop.layout.GroupLayout.DEFAULT_SIZE, org.jdesktop.layout.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
                  .addContainerGap())
          appletPanelLayout.setVerticalGroup(
              appletPanelLayout.createParallelGroup(org.jdesktop.layout.GroupLayout.LEADING)
              .add(org.jdesktop.layout.GroupLayout.TRAILING, appletPanelLayout.createSequentialGroup()
                  .addContainerGap()
                  .add(jPanel1, org.jdesktop.layout.GroupLayout.PREFERRED_SIZE, org.jdesktop.layout.GroupLayout.DEFAULT_SIZE, org.jdesktop.layout.GroupLayout.PREFERRED_SIZE)
                  .addPreferredGap(org.jdesktop.layout.LayoutStyle.RELATED)
                  .add(jPanel2, org.jdesktop.layout.GroupLayout.DEFAULT_SIZE, org.jdesktop.layout.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
                  .addPreferredGap(org.jdesktop.layout.LayoutStyle.RELATED)
                  .add(jPanel3, org.jdesktop.layout.GroupLayout.PREFERRED_SIZE, org.jdesktop.layout.GroupLayout.DEFAULT_SIZE, org.jdesktop.layout.GroupLayout.PREFERRED_SIZE)
                  .addContainerGap())
          add(appletPanel, java.awt.BorderLayout.CENTER);
      }// </editor-fold>
      private void jButton2ActionPerformed(java.awt.event.ActionEvent evt) {
          this.destroy();
      private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {                                        
          changeForms(this.paso);
      // Declaraci�n de variables - no modificar
      private javax.swing.JPanel appletPanel;
      private javax.swing.JButton jButton1;
      private javax.swing.JButton jButton2;
      private javax.swing.JPanel jPanel1;
      private javax.swing.JPanel jPanel2;
      private javax.swing.JPanel jPanel3;
      private javax.swing.JLabel jTextField1;
      private javax.swing.JLabel label;
      // Fin de declaraci�n de variables
       * M�todo readParameters
       * M�todo que inicializa los valores de los par�metros internos, recibidos por par�metro.
      private void readParameters() throws FileNotFoundException, IOException {
           ???????????????? deleted for the forum
          addSecurityProviders();
       * M�tode loadFirstForm
       * Aquest m�tode carrega a jPanel2 el formulari que informa sobre la c�rrega dels arxius
      private void loadFirstForm(){
          //Form1 f1 = new Form1(stream, i + 1, fileURL.size(), sender.returnCurrentContentLength(), appletBackground);
          //Form1 f1 = new Form1(fileURL.size(), sender.returnCurrentContentLength());
          Form1 f1 = new Form1();
          //Lo dimensionamos y posicionamos
          f1.setSize(310, 150);
          f1.setLocation(10, 110);
          //A�adimos el formulario al JPanel que lo contendr�
          this.jPanel2.add(f1);
          //Validem i repintem el JPanel
          jPanel2.validate();
          jPanel2.repaint();
          //Descarreguem l'arxiu a signar
          *System.out.println("FormularioApplet Dentro de loadFirstForm(), antes de llamar a getDownloadFile()");*
          *byte obj[] = f1.getDownloadedFile(this.documentToSign);*
          if (obj == null){
              System.out.println("Lo que devuelve f1.getDownloadedFile(this.documentToSign) es NULL");
          else{
              System.out.println("Lo que devuelve f1.getDownloadedFile(this.documentToSign) NO es NULL");
              System.out.println("obj: " + obj.length);
          this.ftbsigned.add(obj);
          System.out.println("FormularioApplet Dentro de loadFirstForm(), despu�s de llamar a getDownloadFile()");
          //Indicamos que el primer paso ya se ha efectuado
          this.paso++;
       * M�tode changeForms
       * Aquest m�tode carrega a jPanel2 un formulari concret segons el valor de la variable global "paso"
      private void changeForms(int paso){
          /*A cada paso se cargar� en el JPanel y formulario diferente
           * Paso previo: Se realiza en la inicializaci�n, carga el formulario, descarga el archivo y muestra la barra de carga.
           * Case 1: Se carga el formulario de selecci�n de tipo de firma.
           * Case 2: Se carga el formulario de datos de la persona que firma.
          this.paso = paso;
          switch(paso){
              case 1:
                  //Creamos un objeto de formulario (seleccion de tipo de firma)
                  Form2 f2 = new Form2();
                  //Lo dimensionamos y posicionamos
                  f2.setSize(310, 185);
                  f2.setLocation(10, 110);
                  //Quitamos el formulario 1 y a�adimos el formulario 2 al JPanel
                  this.jPanel2.remove(1);
                  this.jPanel2.add(f2);
                  //Validem i repintem el JPanel
                  jPanel2.validate();
                  jPanel2.repaint();
                  //Modificamos el contador de pasos.
                  this.paso++;
                  break;
              case 2:
                  //Creamos un objeto de formulario (seleccion de tipo de firma)
                  Form3 f3 = new Form3();
                  //Lo dimensionamos y posicionamos
                  f3.setSize(310, 175);
                  f3.setLocation(15, 130);
                  //Quitamos el formulario 1 y a�adimos el formulario 3 al JPanel
                  this.jPanel2.remove(1);
                  this.jPanel2.add(f3);
                  //Validem i repintem el JPanel
                  jPanel2.validate();
                  jPanel2.repaint();
                  //Modificamos el texto del bot�n y el contador de pasos.
                  this.jButton1.setText("Finalizar");
                  this.paso++;
                  break;
              default:
                  //Finalizar el Applet
                  //C�digo que se encargue de guardar el archivo en el disco duro del usuario
                  break;
      private void addSecurityProviders() throws FileNotFoundException, IOException {
          Security.addProvider(new CryptoAPIProvider());
          if (signatureType == SIGNATURE_PDF) {
              Security.addProvider(new BouncyCastleProvider());
          else {
              Security.addProvider(new Sun());
      private File createOutputFile(String filename, int index) {
          return new File((String)outputFilename.get(index));
      protected Object javascript(String function, String args[]) throws RuntimeException {
          //Remove
          if (true) return null;
          try {
              Vector<String> list = new Vector<String>();
              if(args != null) {
                  for(int i = 0; i < args.length; i++) {
                      list.addElement(args);
  if(list.size() > 0) {
  Object objs[] = new Object[list.size()];
  list.copyInto(objs);
  return JSObject.getWindow(this).call(function, objs);
  } catch(UnsatisfiedLinkError e) {
  e.printStackTrace();
  throw new RuntimeException((new StringBuilder()).append(e).append("\nFunci�: ").append(function).toString());
  } catch(Throwable e) {
  e.printStackTrace();
  throw new RuntimeException((new StringBuilder()).append(e).append("\nFunci�: ").append(function).toString());
  return JSObject.getWindow(this).call(function, new Object[0]);
  Edited by: Kefalegereta on Oct 31, 2007 3:54 AM
  Edited by: Kefalegereta on Oct 31, 2007 4:00 AM                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        

  Look at iOS Troubleshooting Wi-Fi networks and connections  http://support.apple.com/kb/TS1398
  iPad: Issues connecting to Wi-Fi networks  http://support.apple.com/kb/ts3304
  iOS: Recommended settings for Wi-Fi routers and access points  http://support.apple.com/kb/HT4199
  Additional things to try.
  Try this first. Turn Off your iPad. Then turn Off (disconnect power cord) the wireless router & then back On. Now boot your iPad. Hopefully it will see the WiFi.
  Go to Settings>Wi-Fi and turn Off. Then while at Settings>Wi-Fi, turn back On and chose a Network.
  Change the channel on your wireless router. Instructions at http://macintoshhowto.com/advanced/how-to-get-a-good-range-on-your-wireless-netw ork.html
  Another thing to try - Go into your router security settings and change from WEP to WPA with AES.
  How to Quickly Fix iPad 3 Wi-Fi Reception Problems
  http://osxdaily.com/2012/03/21/fix-new-ipad-3-wi-fi-reception-problems/
  If none of the above suggestions work, look at this link.
  iPad Wi-Fi Problems: Comprehensive List of Fixes
  http://appletoolbox.com/2010/04/ipad-wi-fi-problems-comprehensive-list-of-fixes/
  Fix iPad Wifi Connection and Signal Issues  http://www.youtube.com/watch?v=uwWtIG5jUxE
  ~~~~~~~~~~~~~~~
  If any of the above solutions work, please post back what solved your problem. It will help others with the same problem.
   Cheers, Tom

• Strange Problems With Display and Permissions Since 10.5.1 update.

  Since I've done the 10.5.1 update I have been having a strange problem with my desktop and dock displays. On my desktop I have these strange lines that appear any time I log in or open any application, the lines never go away and change locations on the screen once I open an application or move a window. My dock has the reflective shelf for about half of it, the rest is a dull grey. I've also had problems with verifying and repairing my permissions. I can never actually complete either permissions task. I've used some third party apps, they always fail as well. The only time I can actually repair my permissions is by booting in to single user mode and doing a fsck -f command. When I boot back in to Leopard and try to use the Disk Utility to repair, it continues to fail.
  I'm not sure if the video problem I am having stems from a permissions issue or possibly a corrupt video driver. Either way, I've done a lot research and haven't found anyone with the same problems I have been having so I thought I would give these forums a shot.
  I am using a PowerMac G4 Quicksilver with dual 800Mhz, 1.5gb RAM, and a GeForce4 Ti 4600 128mb video card.
  Here is a screen shot of the line and dock problem.
  Here is a screen shot of my "About This Mac.
  If anyone could lend some light on this issue, I would greatly appreciate it.
  Thanks
  Jeff

  you can pile it on this: http://discussions.apple.com/thread.jspa?threadID=1246649&tstart=0
  btw - no solution yet.

• Problems with SharePoint2010 and Adobe Reader X

  hi all,
  i have a big problem with SharePoint2010 and Adobe Reader x. We can open .pdf Files from SharePoint but not Safe. The Error Message is "
  SharePoint, SQL and OS are installed in English. The problem is that the site was probably created from a German template. One would have to create the site from an English template and then add the other languages by MUI. It is a matter which language site in the settings under Language Settings is uppermost to:
  how can the problem be solved?it looks like here, the reader still an error..
  andre

  Hi,
  Could you repost the error-message that you see in Adobe Reader? The problem might be because of a known bug in Microsoft SharePoint server 2010. Certain required field types are missing in the German/French site templates which cause a SOAP request on the server to fail. A workaround is to add these field types to the library. You could add these fields manually or using a script. You could look for following field types which might be missing from the site template.
  "Content Type ID","Approver Comments","Name","Document Modified By","Document Created By","File Type","HTML File Type","Source URL","Shared File Index","Title","Template Link","HTML File Link","Is Signed", "Document ID Value", "Document ID", "Content Type", "Created", "Created By", "Modified", "Modified By", "Has Copy Destinations", "Copy Source", "Approval Status", "URL Path", "File Size", "Item Type","Sort Type", "Effective Permissions Mask", "ID of the User who has the item Checked Out", "Is Checked out to local", "Checked Out To", "Unique Id", "Client Id", "Virus Status", "Check In Comment", "Edit Menu Table Start", "Edit Menu Table End", "Server Relative URL", "Encoded Absolute URL", "Property Bag", "Level", "Is Current Version", "Item Child Count", "Folder Child Count", "Select", "Edit", "UI Version", "Instance ID", "Order", "Workflow Version", "Workflow Instance ID", "Source Version (Converted Document)", "Source Name (Converted Document)", "Document Concurrency Number","Relink", "Merge", "Path"
  Thanks,
  Richa

• Having problems with OSX and mail with the servers?

  Having problems with OSX and the mail servers?  Seems to be happening more and more?

  Hello,
  Who is your eMail provider, the part after the @ sign?
  In Mail's Window Menu, choose Connection Doctor, any red dots for status, if so what is the message?
  Then click the Show Details button & Check again.
  Open Keychain Access in Utilities, use Keychain First Aid under the Keychain Menu item, then either check the Password under that item, change it, or delete it and start over.
  You may have multiple entries.
  Open Keychain Access in Utilities, enter the part after the @ sign in the search bar, hit enter
  The Password rejection can confuse people since it's a catch all meaning...
  This Password, Username, Authentication method... is not recognized on this Port to this Server, more than one entry in Keychain for each in/out entry, or a server end problem.
  If using a browser to login via WebMail works it's not Name or Password, but one of the other ones.
  The receiving email ports are:
  IMAP is port 143
  IMAP-SSL is port 993
  POP is port 110
  POP-SSL is port 995
  Outgoing ports are...
  SMTP and SMTP-SSL is on ports 25, 587 and 465. Port 587 has to be SSL, and port 465 is enforced TLS-wrapped and is generally used by Outlook users.

• I am having problems with video and high content webpages freezing.  I am also getting pixel lines across my webpages.  Maybe two or three lines.  I was running os 10.4 but I just up graded to 10.6 the other day.  I have 2GB of RAM.

  I am having problems with video and high content webpages freezing.  I am also getting pixel lines across my webpages.  Maybe two or three lines.  I was running os 10.4 but I just up graded to 10.6 the other day.  I have 2GB of RAM.

  Exactlly which model iMac do you have?
  see > How to identify iMac models
  Unfortunately that is not all that uncommon for the Early Intel iMac's given there age and the fact that the air intakes are probably choked with dust. Then add the extra heat caused by running a more intense OS X which is causing it to run a little warmer than normal and putting extra stress on the graphic and display components.
  My 6½ year old 17" Early 2006 Core Duo w/2GB of RAM is also running 10.6.8 and is also starting to get a single line that (knock on wood) goes away after a few minutes, while many others started getting permanent ones after 2 or 3 years. One thing that I think has helped, is that about every 3 or 4 months I shutdown and vigorously vacuum out the bottom grill work and small vent under the stand to keep it running cool.
  On that note: unfortunately I can only suggest that you clean your intake vents and hope that no permanent or irreversible damage has been done.

• Problem with JFrame and busy/wait Cursor

  Hi -- I'm trying to set a JFrame's cursor to be the busy cursor,
  for the duration of some operation (usually just a few seconds).
  I can get it to work in some situations, but not others.
  Timing does seem to be an issue.
  There are thousands of posts on the BugParade, but
  in general Sun indicates this is not a bug. I just need
  a work-around.
  I've written a test program below to demonstrate the problem.
  I have the problem on Solaris, running with both J2SE 1.3 and 1.4.
  I have not tested on Windows yet.
  When you run the following code, three JFrames will be opened,
  each with the same 5 buttons. The first "F1" listens to its own
  buttons, and works fine. The other two (F2 and F3) listen
  to each other's buttons.
  The "BUSY" button simply sets the cursor on its listener
  to the busy cursor. The "DONE" button sets it to the
  default cursor. These work fine.
  The "SLEEP" button sets the cursor, sleeps for 3 seconds,
  and sets it back. This does not work.
  The "INVOKE LATER" button does the same thing,
  except is uses invokeLater to sleep and set the
  cursor back. This also does not work.
  The "DELAY" button sleeps for 3 seconds (giving you
  time to move the mouse into the other (listerner's)
  window, and then it behaves just like the "SLEEP"
  button. This works.
  Any ideas would be appreciated, thanks.
  -J
  import java.awt.BorderLayout;
  import java.awt.Cursor;
  import java.awt.event.ActionEvent;
  import java.awt.event.ActionListener;
  import javax.swing.JButton;
  import javax.swing.JFrame;
  import javax.swing.JPanel;
  import javax.swing.SwingUtilities;
  public class BusyFrameTest implements ActionListener
  private static Cursor busy = Cursor.getPredefinedCursor (Cursor.WAIT_CURSOR);
  private static Cursor done = Cursor.getDefaultCursor();
  JFrame frame;
  JButton[] buttons;
  public BusyFrameTest (String title)
  frame = new JFrame (title);
  buttons = new JButton[5];
  buttons[0] = new JButton ("BUSY");
  buttons[1] = new JButton ("DONE");
  buttons[2] = new JButton ("SLEEP");
  buttons[3] = new JButton ("INVOKE LATER");
  buttons[4] = new JButton ("DELAY");
  JPanel buttonPanel = new JPanel();
  for (int i = 0; i < buttons.length; i++)
  buttonPanel.add (buttons);
  frame.getContentPane().add (buttonPanel);
  frame.pack();
  frame.setVisible (true);
  public void addListeners (ActionListener listener)
  for (int i = 0; i < buttons.length; i++)
  buttons[i].addActionListener (listener);
  public void actionPerformed (ActionEvent e)
  System.out.print (frame.getTitle() + ": " + e.getActionCommand());
  if (e.getActionCommand().equals ("BUSY"))
  frame.setCursor (busy);
  else if (e.getActionCommand().equals ("DONE"))
  frame.setCursor (done);
  else if (e.getActionCommand().equals ("SLEEP"))
  frame.setCursor (busy);
  try { Thread.sleep (3000); } catch (Exception ex) { }
  frame.setCursor (done);
  System.out.print (" finished");
  else if (e.getActionCommand().equals ("INVOKE LATER"))
  frame.setCursor (busy);
  SwingUtilities.invokeLater (thread);
  else if (e.getActionCommand().equals ("DELAY"))
  try { Thread.sleep (3000); } catch (Exception ex) { }
  frame.setCursor (busy);
  try { Thread.sleep (3000); } catch (Exception ex) { }
  frame.setCursor (done);
  System.out.print (" finished");
  System.out.println();
  Runnable thread = new Runnable()
  public void run()
  try { Thread.sleep (3000); } catch (Exception ex) { }
  frame.setCursor (done);
  System.out.println (" finished");
  public static void main (String[] args)
  BusyFrameTest f1 = new BusyFrameTest ("F1");
  f1.addListeners (f1);
  BusyFrameTest f2 = new BusyFrameTest ("F2");
  BusyFrameTest f3 = new BusyFrameTest ("F3");
  f2.addListeners (f3); // 2 listens to 3
  f3.addListeners (f2); // 3 listens to 2

  I've had the same problems with cursors and repaints in a swing application, and I was thinking of if I could use invokeLater, but I never got that far with it.
  I still believe you would need a thread for the time consuming task, and that invokeLater is something you only need to use in a thread different from the event thread.

• Problem with installing and running some applications or drivers

  When installing and installing some items, towards the end of the installation I get this message:
  /System/Library/Extensions/comcy_driver_USBDevice.kext
  *was installed improperly and cannot be used. Please try reinstalling it or contact product's vendor for update*
  The end result is that some things do not seem to work properly, such as my HP printer. Would anybody have any ideas on how to fix this problem?

  Thank you for your response. Originally, I had a problem with Airport and ended up reinstalling Snow Leopard. Since then, when downloading upgrades etc, such as HP printer drivers, iTunes etc., towards the end of the download when its running the script, I get this message: /System/Library/Extensions/comcy_driver_USBDevice.kext
  +was installed improperly and cannot be used. Please try reinstalling it or contact product's vendor for update+
  Sometimes, the download hangs and is unable to complete. The main problem I've encountered so far with an application is when I use the printer to scan an image via Preview, it's blank: there's nothing there.

• Problems with outlook and address book contacts: my outlook contacts had around 3,000 entries. Outlook duplicated by itself and now outlook and address book have each over 340,000. What should I do?

  Problems with outlook and address book contacts: my outlook contacts had around 3,000 entries. Outlook duplicated entries and have now 340,000. I reinstalled microsoft office and, thus, outlook, and reinstalled mac OS X system and applications. While I managed to delete outlook contacts so that I can re-sync with my blackberry, the contacts at Mac Address Book were not deleted and still have over 340,000 entries. I do not mind deleting all contacts since I have back up, but I have not been able to delete them. Also, when I go at Address Book and try to delete or merge duplicated entries, the system takes forever and never ends because of such large amount of entries. Worse, when I do so I run out of RAM memory.
  My Macbook pro is just 2 months old.
  What should I do? Is there a way to delete my Mac Address Book without having the problem above?
  Many thanks
  Regis

  zlatan24 wrote:
  For solving out troubles connected with corrupted or lost address book you may use address book recovery. It owns various features such as restoring wab files, it working under any Windows OS. The utility has modern and easy to use interface due to almost every experienced users.
  If it is a windows problem it's not going to run on the OP's MacBook Pro

• Problems with Safari and Firefox (HTTP?)

  Problems with Safari and Firefox (HTTP?)
  On a laptop G4, 10.5.8 and Safari 5.02 I experience the following:
  On the account of my oldest daughter everything works fine, i.e. wireless internet works and no problems with mail or safari.
  On the same laptop, on the account of my other daughter, the wireless is OK, she can mail etc. But safari nor firefox works. It says: can’t find server (whatever site) and in the activity window it looks if safari tries to open files (in the safari preferences-folder) in stead of http. Same applies to Firefox, so maybe it has more to do with HTTP in general?
  What goes wrong? What to do? I tried the following on the host terminal (tips from Apple)
  defaults write com.apple.safari WebKitDNSPrefetchingEnabled -boolean false
  and
  defaults delete com.apple.safari WebKitDNSPrefetchingEnabled
  but that did not help,
  Nanne

  I'm still wondering why it happens now at this moment in time...
  PC does seem to be a bit odd & inconsistent, the few times I've tested with it, at least so far as we content filtering goes; and if I remember rightly, you're not the first to report previously ok settings suddenly preventing some or all internet until pc is switched off altogether.
  It may work when re-enabled