Propagation of security between applications and servers

It appears that WebLogic propagates security between applications and
domains using a cookie. So as long as all applications use the same
cookie id (JSESSIONID) then a single sign-on is enabled between
applications.
Is it correct this would apply to propagation between portal and
non-portal applications in the same clustered environment?
In a different vein, is there a way of propagating security
information between different servers or different clusters?
Say, for example, server1 (or cluster1) allows a user to sign-in and
presents a page with a link to server2 (or cluster2). We would like to
be able to propagate transparently the security information gathered
at the sign-in on server1 to the application on server2.
I'm assuming the cookie placed in the browser from server1 would not
be passed to server2. Is there a way, programmatically or otherwise,
to enable this to occur in a secure way?

try this...as a test..
take a simple Contact ejb (as simple as you can make it, just a name and email address). In the ejb-jar.xml set up a role, for example, user, and restrict the access to only this role for all methods.
try to access the ejb from a jsp, and you should get the login form identified in your web.xml file.
make sure that the ejb is noted in the web.xml file, also.
this should work...
now try this...identify a role in your web.xml file (user, for example) and restrict the access to a particular jsp which is not calling the ejb. If you navigate to this jsp, you should get the login prompt...
this should work....
now the tough part
in your application.xml create a role with the same name, user. By doing this, you have created a global role, and connected the two together.
Now point your browser to the restricted jsp with no calls to the ejb...you should get the login, so log in.
now navigate to your jsp which is unrestricted, but calls the restricted ejb...
there should now be no login prompt.
This should work.
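
The three descriptors the steps above refer to, shown together as an added sketch that is not part of the original post. The role name `user` comes from the post; the bean name, class names, JSP paths and archive names are assumptions chosen for illustration.

```xml
<!-- ===== ejb-jar.xml (EJB module): every method of the bean requires role "user" ===== -->
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>ContactBean</ejb-name>              <!-- hypothetical bean name -->
      <home>example.ContactHome</home>              <!-- hypothetical classes -->
      <remote>example.Contact</remote>
      <ejb-class>example.ContactBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role>
      <role-name>user</role-name>
    </security-role>
    <method-permission>
      <role-name>user</role-name>
      <method>
        <ejb-name>ContactBean</ejb-name>
        <method-name>*</method-name>                <!-- all methods -->
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>

<!-- ===== web.xml (web module): one restricted JSP, form login, reference to the EJB ===== -->
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>restricted page</web-resource-name>
      <url-pattern>/restricted.jsp</url-pattern>    <!-- hypothetical JSP that does not call the ejb -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>       <!-- hypothetical paths -->
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <role-name>user</role-name>
  </security-role>
  <ejb-ref>                                         <!-- "the ejb is noted in the web.xml file" -->
    <ejb-ref-name>ejb/Contact</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <home>example.ContactHome</home>
    <remote>example.Contact</remote>
  </ejb-ref>
</web-app>

<!-- ===== application.xml (EAR): the same role name declared once for both modules ===== -->
<application>
  <display-name>contact-app</display-name>          <!-- hypothetical names below -->
  <module>
    <ejb>contact-ejb.jar</ejb>
  </module>
  <module>
    <web>
      <web-uri>contact-web.war</web-uri>
      <context-root>/contact</context-root>
    </web>
  </module>
  <security-role>
    <role-name>user</role-name>
  </security-role>
</application>
```

Mapping the `user` role to actual users or groups is done separately in the WebLogic-specific descriptors (`security-role-assignment` in weblogic.xml and weblogic-ejb-jar.xml); that mapping is not covered by the post and is omitted here.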

Similar Messages

  • Propagation of ctx between EJB and JSP

    Hello,
    Does anybody know how to propagate the Security
    Context between EJB and JSP so that when I login in my JSP page the user will be after recognized in my EJB system ?
    Thanks
    Francesco

    try this...as a test..
    take a simple Contact ejb (as simple as you can make it, just a name and email address). In the ejb-jar.xml set up a role, for example, user, and restrict the access to only this role for all methods.
    try to access the ejb from a jsp, and you should get the login form identified in your web.xml file.
    make sure that the ejb is noted in the web.xml file, also.
    this should work...
    now try this...identify a role in your web.xml file (user, for example) and restrict the access to a particular jsp which is not calling the ejb. If you navigate to this jsp, you should get the login prompt...
    this should work....
    now the tough part
    in your application.xml create a role with the same name, user. By doing this, you have created a global role, and connected the two together.
    Now point your browser to the restricted jsp with no calls to the ejb...you should get the login, so log in.
    now navigate to your jsp which is unrestricted, but calls the restricted ejb...
    there should now be no login prompt.
    This should work.

  • Inconsistent Security Between EAS and App Man

    Has anybody seen differences between what App Manager and EAS show for security information? In App Manager I have Supervisor rights explicitly, not through a group. EAS lists me as a user with no rights to anything when I look at the same server. I also found that if I click on some Groups and select the user tab there are no users in the list to add to the group. I have 500 users under the user list. I also don't get any groups to add when I try to add a user to a group by editing the properties of the user.

    What version of EAS are you o get then? I am currently using 6.5.0 and 6.5.1 and I do not have any issues like you describe. You described the user having Supervisor access; are you logging into EAS as that person and getting no lists of users etc.? If you log in as the Essbase Admin (id from the original install), do you get the same response?
    Regards,
    Corey Bidmead
    Clarity Systems

  • Security between Proxy and Business Services

    Dear All
    We are trying to restrict business service access to proxy services only. Can outbound security using service accounts do this task? I enabled basic authentication at business service level and tried to pass a username/password token through the SOAP header in the proxy service. I get "The invocation resulted in an error: Unauthorized." error.
    Please suggest if this is the correct approach.
    Thanks,
    Amjad.

    I'm afraid you didn't get the very basic meaning of business service.
    > I want BS1 to be accessed only through PS1 and hence need to secure BS1.
    1. You don't need to secure BS because of this reason since every BS can be accessed only through PS. There is no way you can call BS outside of OSB. BS is just a definition of external (business) service.
    2. Authentication set on BS is not meant to restrict access to BS itself. It is set to use credentials to access some service from OSB (WS1 in your case).
    > When BS1 is directly accessed through OSB console, I get "The invocation resulted in an error: Unauthorized".
    This is only a testing form. Again, there is no chance you could call BS outside of OSB. On top of that, if you test BS which has pass-through account set, the test fails as there are no credentials to be passed to BS from PS as there was no PS called.
    I suggest you go back to OSB basics:
    http://docs.oracle.com/cd/E13159_01/osb/docs10gr3/tutorial/tutIntro.html#wp1045005
    http://docs.oracle.com/cd/E14571_01/doc.1111/e15020/architecture_overview.htm#i1094753

  • The problem about Secure Reliable Messaging between WCF and Weblogic

    I'm doing a project for testing the interoperability between WCF and Weblogic with secure reliable messaging.
    When the WCF client talks to the Weblogic service with the Secure Reliable feature enabled, we got an error at CreateSequence. The error message is below:
    The incoming message was signed with a token which was different from what used to encrypt the body. This was not expected.
    The remote endpoint requested an address for acknowledgements that is not the same as the address for application messages. The channel could not be opened because this is not supported. Ensure the endpoint address used to create the channel is identical to the one the remote endpoint was set up with.
    My understanding is that the client accepted the RSTR from weblogic (so both sides now share the secure conversation token) and moved on to CreateSequence (and failed due to config mismatches). But I don't know how the error happens and how to get it fixed.
    -- below is the wsdl you are using --
    Any ideas about it?
    Thanks in advance!!!!!!
    <?xml version='1.0' encoding='utf-8'?>
    <WL5G3N4:definitions name="EchoStringSignOnly" targetNamespace="http://tempuri.org/" xmlns="" xmlns:WL5G3N0="http://www.w3.org/ns/ws-policy" xmlns:WL5G3N1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:WL5G3N2="http://schemas.xmlsoap.org/ws/2005/02/rm/policy" xmlns:WL5G3N3="http://docs.oasis-open.org/ws-rx/wsrmp/200702" xmlns:WL5G3N4="http://schemas.xmlsoap.org/wsdl/" xmlns:WL5G3N5="http://tempuri.org/" xmlns:WL5G3N6="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:WL5G3N7="http://schemas.xmlsoap.org/wsdl/soap12/">
    <WL5G3N0:Policy WL5G3N1:Id="CustomBinding_IEchoStringSignOnly1_EchoString_Input_policy">
    <WL5G3N0:ExactlyOne>
    <WL5G3N0:All>
    <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <sp:Body/>
    <sp:Header Name="Sequence" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
    <sp:Header Name="SequenceAcknowledgement" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
    <sp:Header Name="AckRequested" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
    <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
    </sp:SignedParts>
    </WL5G3N0:All>
    </WL5G3N0:ExactlyOne>
    </WL5G3N0:Policy>
    <WL5G3N0:Policy WL5G3N1:Id="CustomBinding_IEchoStringSignOnly1_policy">
    <WL5G3N0:ExactlyOne>
    <WL5G3N0:All>
    <WL5G3N2:RMAssertion>
    <WL5G3N2:InactivityTimeout Milliseconds="600000"/>
    <WL5G3N2:AcknowledgementInterval Milliseconds="200"/>
    </WL5G3N2:RMAssertion>
    <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp15:Policy xmlns:wsp15="http://www.w3.org/ns/ws-policy">
    <sp:ProtectionToken>
    <wsp15:Policy>
    <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
    <wsp15:Policy>
    <sp:RequireDerivedKeys/>
    <sp:BootstrapPolicy>
    <wsp15:Policy>
    <sp:SignedParts>
    <sp:Body/>
    <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
    </sp:SignedParts>
    <sp:EncryptedParts>
    <sp:Body/>
    </sp:EncryptedParts>
    <sp:AsymmetricBinding>
    <wsp15:Policy>
    <sp:InitiatorToken>
    <wsp15:Policy>
    <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
    <wsp15:Policy>
    <!--<sp:RequireThumbprintReference/>-->
    <sp:WssX509V3Token10/>
    </wsp15:Policy>
    </sp:X509Token>
    </wsp15:Policy>
    </sp:InitiatorToken>
    <sp:RecipientToken>
    <wsp15:Policy>
    <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
    <wsp15:Policy>
    <!--<sp:RequireThumbprintReference/>-->
    <sp:WssX509V3Token10/>
    </wsp15:Policy>
    </sp:X509Token>
    </wsp15:Policy>
    </sp:RecipientToken>
    <sp:AlgorithmSuite>
    <wsp15:Policy>
    <sp:Basic128Rsa15/>
    </wsp15:Policy>
    </sp:AlgorithmSuite>
    <sp:Layout>
    <wsp15:Policy>
    <sp:Strict/>
    </wsp15:Policy>
    </sp:Layout>
    <sp:IncludeTimestamp/>
    <sp:OnlySignEntireHeadersAndBody/>
    </wsp15:Policy>
    </sp:AsymmetricBinding>
    <sp:Wss11>
    <wsp15:Policy>
    <sp:MustSupportRefKeyIdentifier/>
    <sp:MustSupportRefIssuerSerial/>
    <sp:MustSupportRefThumbprint/>
    <sp:MustSupportRefEncryptedKey/>
    </wsp15:Policy>
    </sp:Wss11>
    <sp:Trust13>
    <wsp15:Policy>
    <sp:MustSupportIssuedTokens/>
    <sp:RequireClientEntropy/>
    <sp:RequireServerEntropy/>
    </wsp15:Policy>
    </sp:Trust13>
    </wsp15:Policy>
    </sp:BootstrapPolicy>
    </wsp15:Policy>
    </sp:SecureConversationToken>
    </wsp15:Policy>
    </sp:ProtectionToken>
    <sp:AlgorithmSuite>
    <wsp15:Policy>
    <sp:Basic128Rsa15/>
    </wsp15:Policy>
    </sp:AlgorithmSuite>
    <sp:Layout>
    <wsp15:Policy>
    <sp:Strict/>
    </wsp15:Policy>
    </sp:Layout>
    <sp:IncludeTimestamp/>
    <sp:OnlySignEntireHeadersAndBody/>
    </wsp15:Policy>
    </sp:SymmetricBinding>
    <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp15:Policy xmlns:wsp15="http://www.w3.org/ns/ws-policy">
    <sp:MustSupportRefKeyIdentifier/>
    <sp:MustSupportRefIssuerSerial/>
    <sp:MustSupportRefThumbprint/>
    <sp:MustSupportRefEncryptedKey/>
    </wsp15:Policy>
    </sp:Wss11>
    <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp15:Policy xmlns:wsp15="http://www.w3.org/ns/ws-policy">
    <sp:MustSupportIssuedTokens/>
    <sp:RequireClientEntropy/>
    <sp:RequireServerEntropy/>
    </wsp15:Policy>
    </sp:Trust13>
    <wsam:Addressing xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
    <wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy">
    <wsam:NonAnonymousResponses/>
    </wsp:Policy>
    </wsam:Addressing>
    </WL5G3N0:All>
    </WL5G3N0:ExactlyOne>
    </WL5G3N0:Policy>
    <WL5G3N0:Policy WL5G3N1:Id="CustomBinding_IEchoStringSignOnly_EchoString_output_policy">
    <WL5G3N0:ExactlyOne>
    <WL5G3N0:All>
    <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <sp:Body/>
    <sp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
    <sp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
    <sp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
    <sp:Header Name="UsesSequenceSTR" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
    <sp:Header Name="ChannelInstance" Namespace="http://schemas.microsoft.com/ws/2005/02/duplex"/>
    <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
    </sp:SignedParts>
    </WL5G3N0:All>
    </WL5G3N0:ExactlyOne>
    </WL5G3N0:Policy>
    <WL5G3N0:Policy WL5G3N1:Id="CustomBinding_IEchoStringSignOnly1_EchoString_output_policy">
    <WL5G3N0:ExactlyOne>
    <WL5G3N0:All>
    <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <sp:Body/>
    <sp:Header Name="Sequence" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
    <sp:Header Name="SequenceAcknowledgement" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
    <sp:Header Name="AckRequested" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
    <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
    </sp:SignedParts>
    </WL5G3N0:All>
    </WL5G3N0:ExactlyOne>
    </WL5G3N0:Policy>
    <WL5G3N0:Policy WL5G3N1:Id="CustomBinding_IEchoStringSignOnly_EchoString_Input_policy">
    <WL5G3N0:ExactlyOne>
    <WL5G3N0:All>
    <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <sp:Body/>
    <sp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
    <sp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
    <sp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
    <sp:Header Name="UsesSequenceSTR" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
    <sp:Header Name="ChannelInstance" Namespace="http://schemas.microsoft.com/ws/2005/02/duplex"/>
    <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
    </sp:SignedParts>
    </WL5G3N0:All>
    </WL5G3N0:ExactlyOne>
    </WL5G3N0:Policy>
    <WL5G3N0:Policy WL5G3N1:Id="CustomBinding_IEchoStringSignOnly_policy">
    <WL5G3N0:ExactlyOne>
    <WL5G3N0:All>
    <WL5G3N3:RMAssertion/>
    <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp15:Policy xmlns:wsp15="http://www.w3.org/ns/ws-policy">
    <sp:ProtectionToken>
    <wsp15:Policy>
    <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
    <wsp15:Policy>
    <sp:RequireDerivedKeys/>
    <sp:BootstrapPolicy>
    <wsp15:Policy>
    <sp:SignedParts>
    <sp:Body/>
    <sp:Header Name="ChannelInstance" Namespace="http://schemas.microsoft.com/ws/2005/02/duplex"/>
    <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
    <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
    </sp:SignedParts>
    <sp:EncryptedParts>
    <sp:Body/>
    </sp:EncryptedParts>
    <sp:AsymmetricBinding>
    <wsp15:Policy>
    <sp:InitiatorToken>
    <wsp15:Policy>
    <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
    <wsp15:Policy>
    <!--<sp:RequireThumbprintReference/>-->
    <sp:WssX509V3Token10/>
    </wsp15:Policy>
    </sp:X509Token>
    </wsp15:Policy>
    </sp:InitiatorToken>
    <sp:RecipientToken>
    <wsp15:Policy>
    <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
    <wsp15:Policy>
    <!--<sp:RequireThumbprintReference/>-->
    <sp:WssX509V3Token10/>
    </wsp15:Policy>
    </sp:X509Token>
    </wsp15:Policy>
    </sp:RecipientToken>
    <sp:AlgorithmSuite>
    <wsp15:Policy>
    <sp:Basic128Rsa15/>
    </wsp15:Policy>
    </sp:AlgorithmSuite>
    <sp:Layout>
    <wsp15:Policy>
    <sp:Strict/>
    </wsp15:Policy>
    </sp:Layout>
    <sp:IncludeTimestamp/>
    <sp:OnlySignEntireHeadersAndBody/>
    </wsp15:Policy>
    </sp:AsymmetricBinding>
    <sp:Wss11>
    <wsp15:Policy>
    <sp:MustSupportRefKeyIdentifier/>
    <sp:MustSupportRefIssuerSerial/>
    <sp:MustSupportRefThumbprint/>
    <sp:MustSupportRefEncryptedKey/>
    </wsp15:Policy>
    </sp:Wss11>
    <sp:Trust13>
    <wsp15:Policy>
    <sp:MustSupportIssuedTokens/>
    <sp:RequireClientEntropy/>
    <sp:RequireServerEntropy/>
    </wsp15:Policy>
    </sp:Trust13>
    </wsp15:Policy>
    </sp:BootstrapPolicy>
    </wsp15:Policy>
    </sp:SecureConversationToken>
    </wsp15:Policy>
    </sp:ProtectionToken>
    <sp:AlgorithmSuite>
    <wsp15:Policy>
    <sp:Basic128Rsa15/>
    </wsp15:Policy>
    </sp:AlgorithmSuite>
    <sp:Layout>
    <wsp15:Policy>
    <sp:Strict/>
    </wsp15:Policy>
    </sp:Layout>
    <sp:IncludeTimestamp/>
    <sp:OnlySignEntireHeadersAndBody/>
    </wsp15:Policy>
    </sp:SymmetricBinding>
    <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp15:Policy xmlns:wsp15="http://www.w3.org/ns/ws-policy">
    <sp:MustSupportRefKeyIdentifier/>
    <sp:MustSupportRefIssuerSerial/>
    <sp:MustSupportRefThumbprint/>
    <sp:MustSupportRefEncryptedKey/>
    </wsp15:Policy>
    </sp:Wss11>
    <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp15:Policy xmlns:wsp15="http://www.w3.org/ns/ws-policy">
    <sp:MustSupportIssuedTokens/>
    <sp:RequireClientEntropy/>
    <sp:RequireServerEntropy/>
    </wsp15:Policy>
    </sp:Trust13>
    <cdp:CompositeDuplex xmlns:cdp="http://schemas.microsoft.com/net/2006/06/duplex"/>
    <ow:OneWay xmlns:ow="http://schemas.microsoft.com/ws/2005/05/routing/policy"/>
    <wsam:Addressing xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
    <wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy">
    <wsam:NonAnonymousResponses/>
    </wsp:Policy>
    </wsam:Addressing>
    </WL5G3N0:All>
    </WL5G3N0:ExactlyOne>
    </WL5G3N0:Policy>
    <WL5G3N4:types>
    <xsd:schema targetNamespace="http://tempuri.org/Imports" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <xsd:import namespace="http://tempuri.org/" schemaLocation="RequestReplySignOnly.svc.xsd0.xml"/>
    <xsd:import namespace="http://schemas.microsoft.com/2003/10/Serialization/" schemaLocation="RequestReplySignOnly.svc.xsd1.xml"/>
    </xsd:schema>
    </WL5G3N4:types>
    <WL5G3N4:message name="PingRequest">
    <WL5G3N4:part element="WL5G3N5:PingRequest" name="parameters"/>
    </WL5G3N4:message>
    <WL5G3N4:message name="PingResponse">
    <WL5G3N4:part element="WL5G3N5:PingResponse" name="parameters"/>
    </WL5G3N4:message>
    <WL5G3N4:portType name="IEchoStringSignOnly">
    <WL5G3N4:operation name="EchoString">
    <WL5G3N4:input message="WL5G3N5:PingRequest" name="PingRequest"/>
    <WL5G3N4:output message="WL5G3N5:PingResponse" name="PingResponse"/>
    </WL5G3N4:operation>
    </WL5G3N4:portType>
    <WL5G3N4:binding name="CustomBinding_IEchoStringSignOnly" type="WL5G3N5:IEchoStringSignOnly">
    <WL5G3N0:Policy>
    <WL5G3N0:PolicyReference URI="#CustomBinding_IEchoStringSignOnly_policy"/>
    </WL5G3N0:Policy>
    <WL5G3N6:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <WL5G3N4:operation name="EchoString">
    <WL5G3N6:operation soapAction="urn:wsrm:EchoString" style="document"/>
    <WL5G3N4:input name="PingRequest">
    <WL5G3N0:Policy>
    <WL5G3N0:PolicyReference URI="#CustomBinding_IEchoStringSignOnly_EchoString_Input_policy"/>
    </WL5G3N0:Policy>
    <WL5G3N6:body use="literal"/>
    </WL5G3N4:input>
    <WL5G3N4:output name="PingResponse">
    <WL5G3N0:Policy>
    <WL5G3N0:PolicyReference URI="#CustomBinding_IEchoStringSignOnly_EchoString_output_policy"/>
    </WL5G3N0:Policy>
    <WL5G3N6:body use="literal"/>
    </WL5G3N4:output>
    </WL5G3N4:operation>
    </WL5G3N4:binding>
    <WL5G3N4:binding name="CustomBinding_IEchoStringSignOnly1" type="WL5G3N5:IEchoStringSignOnly">
    <WL5G3N0:Policy>
    <WL5G3N0:PolicyReference URI="#CustomBinding_IEchoStringSignOnly1_policy"/>
    </WL5G3N0:Policy>
    <WL5G3N7:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <WL5G3N4:operation name="EchoString">
    <WL5G3N7:operation soapAction="urn:wsrm:EchoString" style="document"/>
    <WL5G3N4:input name="PingRequest">
    <WL5G3N7:body use="literal"/>
    <WL5G3N0:Policy>
    <WL5G3N0:PolicyReference URI="#CustomBinding_IEchoStringSignOnly1_EchoString_Input_policy"/>
    </WL5G3N0:Policy>
    </WL5G3N4:input>
    <WL5G3N4:output name="PingResponse">
    <WL5G3N7:body use="literal"/>
    <WL5G3N0:Policy>
    <WL5G3N0:PolicyReference URI="#CustomBinding_IEchoStringSignOnly1_EchoString_output_policy"/>
    </WL5G3N0:Policy>
    </WL5G3N4:output>
    </WL5G3N4:operation>
    </WL5G3N4:binding>
    <WL5G3N4:service name="EchoStringSignOnly">
    <WL5G3N4:port binding="WL5G3N5:CustomBinding_IEchoStringSignOnly" name="CustomBinding_IEchoStringSignOnly">
    <WL5G3N6:address location="http://mss-rrsp-01/ReliableMessaging_Service_WSAddressing10_Indigo/RequestReplySignOnly.svc/SecureReliable_Addressable_Soap11_WSAddressing10_RM11"/>
    <wsa10:EndpointReference xmlns:wsa10="http://www.w3.org/2005/08/addressing">
    <wsa10:Address>http://mss-rrsp-01/ReliableMessaging_Service_WSAddressing10_Indigo/RequestReplySignOnly.svc/SecureReliable_Addressable_Soap11_WSAddressing10_RM11</wsa10:Address>
    <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <X509Data>
    <X509Certificate>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</X509Certificate>
    </X509Data>
    </KeyInfo>
    </Identity>
    </wsa10:EndpointReference>
    </WL5G3N4:port>
    <WL5G3N4:port binding="WL5G3N5:CustomBinding_IEchoStringSignOnly1" name="CustomBinding_IEchoStringSignOnly1">
    <WL5G3N7:address location="http://mss-rrsp-01/ReliableMessaging_Service_WSAddressing10_Indigo/RequestReplySignOnly.svc/SecureReliable_Anonymous_Soap12_WSAddressing10_RM10"/>
    <wsa10:EndpointReference xmlns:wsa10="http://www.w3.org/2005/08/addressing">
    <wsa10:Address>http://mss-rrsp-01/ReliableMessaging_Service_WSAddressing10_Indigo/RequestReplySignOnly.svc/SecureReliable_Anonymous_Soap12_WSAddressing10_RM10</wsa10:Address>
    <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <X509Data>
    <X509Certificate>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</X509Certificate>
    </X509Data>
    </KeyInfo>
    </Identity>
    </wsa10:EndpointReference>
    </WL5G3N4:port>
    </WL5G3N4:service>
    </WL5G3N4:definitions>

    Bruce Stephens wrote:
    Hi Michael,
    The short answer, at this time, OOTB, WS-RM interop with an unknown
    vendor would be doubtful. For a longer answer, David Orchard has a good
    review of the emerging web services specs [0]. You might consider ebXML
    messaging [1] as a more mature solution.
    Thank you Bruce. I will look at these docs.
    Mike S.
    Hope this helps,
    Bruce
    [0]
    http://dev2dev.bea.com/technologies/webservices/articles/ws_orchard.jsp
    [1]
    http://e-docs.bea.com/wli/docs70/ebxml/getstart.htm
    Michael Shea wrote:
    Hello,
    We have developed an application that is running on the WebLogic AppServer v8.1
    sp1.
    Recently we have received a request/query on providing reliable SOAP messaging
    from our application to 3rd party.
    I have read the documentation on Reliable messaging support and have noted that
    it is only supported between two WebLogic Application servers.
    My questions are, since we do not have control of the 3rd party's application,
    and it may not be based on a WebLogic App Server:
    1. Will this work?
    2. Does anyone have any idea of the type of issues that may be experienced?
    3. How close is the implementation to the WS Reliable Messaging specification?
    So, if the other party was based on an IBM or Microsoft implementation is this
    likely to work?
    It goes without saying that any work done would need to be very thoroughly tested
    and qualified.
    I have looked through the WebLogic Documentation on WebServices as well as searching
    this newsgroup for other posts on this topic, hopefully I have not missed anything
    (If so, my apologies.)
    Thanks,
    Mike Shea.

  • "logon time" between USR41 and security audit log

    Dear colleagues,
    I got the following question from a customer for security audit reasons.
    > 'Logon date' and 'Logon time' values stored in table  USR41 are exactly same as
    > logon history of Security Audit Log(Tr-cd:SM20)?
    Table:USR41 saves 'logon date' and 'logon time' when user logs on to SAP System from SAP GUI.
    And the Security Audit Log(Tr-cd:SM20) can save user's logon history;
    at the time when user logged on, the security audit log is recorded .
    I tried to check SAP GUI logon program:SAPMSYST several ways, however,
    I could not check it because the program is protected even for read access.
    I want to know about specification of "logon time" between USR41 and security audit log,
    or about how to look into the program:SAPMSYST and debug it.
    Thank you.
    Best Regards.

    Hi,
    If you configure Security Audit you can achieve your goals...
    1-Audit the employees how access the screens, tables, data...etc
    Answer : Option 1 & 3
    2-Audit all changes by all users to the data
    Answer : Option 1 & 3
    3-Keep the data up to one month
    Answer: No such settings, but you can define maximum log size.
    4-Log retention period can be defined.
    Answer: No !.. but you can define maximum log size.
    SM19/SM20 Options:
    1-Dialog logon
    You can check how many users logged in and at what time
    2-RFC login/call
    Same as above you can check RFC logins
    3-Transaction/report start
    You can see which report or transaction are executed and at what time
    (It will help you to analyse unauthorized data change. Transactions/report can give you an idea, what data has been changed. So you can see who changed the data)
    4-User master change
    (You can see user master changes log with this option)
    5-System/Other events
    (System error can be logged using this option)
    Hope it clears things up...
    Regards.
    Rajesh Narkhede

  • What's the security difference between WPA and WPA2 Personal?

    In order to get my G4 iMac (OS 10.4.11) onto my new AEBS(b/g/n) wi-fi network, I had to drop the network security down from WPA2 Personal to WPA/WPA2 Personal.
    What are the potential security risks in this mode? I know that WEP is no longer secure, so I'm concerned about WPA also being vulnerable.
    If there's a good online explanation of these security differences (not necessarily Apple-only), you just give me that link.
    Thanks

    Hi,
    Summary:
    1. WPA2 is the improved version of WPA
    2. WPA only supports TKIP encryption while WPA2 supports AES
    3. Theoretically, WPA2 is not hackable while WPA is
    4. WPA2 requires more processing power than WPA
    http://www.differencebetween.net/technology/difference-between-wpa-and-wpa2/

  • How can I sync security between Planning, HSS and EAS?

    Hi,
    I think that I have trouble with security. Many answers at this forum say that I need to sync security between Planning, HSS and EAS.
    How can I do it on EPM11.1.1.3?

    Hi,
    If you feel that Shared Services is not in sync with Planning then you can use the ProvisionUsers utility (http://download.oracle.com/docs/cd/E12825_01/epm.111/hp_admin/ch03s13.html).
    If you want to sync essbase with Shared Services you can either right click security in EAS and refresh from HSS or use Maxl.
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Difference between BW and R/3 Security

    Hi
    Please tell me what's the difference between BW and R/3 Security
    Thanks

    Hi,
    The main difference is that, in R/3 the first line of defence is S_TCODE, I mean it's completely based on Transaction.
    Whereas B/W is completely object based, i.e., it deals with securing InfoObjects, InfoCubes, ODS, BW Queries, etc....
    For more information on BW Security, please visit:
    http://www.*********************/bw_security/bw_security.htm
    Hope it helps.
    Please award points if it is useful.
    thanks & regards,
    santosh

  • Secure the file/data transfer between XI and any third-party system

    Hi All,
    I would like to use SSH at the OS level to "secure" the file/data transfer between XI and any third-party system, with "Run OS Command Before Processing" and "Run OS Command After Processing". Right now my XI server is installed on iSeries OS.
    With iSeries we can't call the Unix commands; I suppose we need to go for AS400 (CL) programming. If we create the AS400 program, how can I call that in XI?
    If anyone has an idea, please let me know whether it will work or not.
    Thanks in advance.
    Venkat

    Hi,
    Thanks for your reply.
    I have read some blogs like /people/krishna.moorthyp/blog/2007/07/31/sftp-vs-ftps-in-sap-pi to call the Unix shell script in XI.
    But as I know, in iSeries OS we can write the shell script we need to go for AS400 program. If we go with AS400, how do we need to call that program, and will it work or not? I am not sure; there I need some help please.
    Thanks,
    Venkat

  • What is the difference between "Replace" and "Replace by Security"

    Hi all,
    I am implementing FDM to Load data to HFM, I set them up with a proper security on the shared service and FDM. When I load data to HFM from FDM, there are 4 options to load data. (Replace, Merge, Accumulate, Replace by Security)
    A document states that
    Replace: Clears all account values from the target application, and replaces that the data in the application with the data in the load file.
    Replace by Security: Loads data to the target application only for members to which you have access.
    However, even if I used “Replace”, it worked with security which I set.
    Does anyone know what the difference between “Replace” and “Replace by Security”?
    Is there any way that FDM works without security?
    Thanks in advance
    taku

    The fact both methods are producing the same results will either be coincidence or perhaps because you are misinterpreting the difference between the two. When you run a Replace, HFM will clear out all data based on the combination of Scenario, Year, Period, Entity and Value dimensions; it does not care if you have set up security classes which may restrict access to any of the other dimensions, i.e. Account, Custom1 through 4. When you use Replace By Security, HFM will still clear on the original criteria but it will respect security class restrictions set up on the other dimensions, e.g. if you are assigned to a security class which is restricted to accessing only a certain subset of accounts, HFM will not clear data from the accounts you don't have access to when you use Replace By Security.

  • Difference between Security Oracle user and Security User

    Hi All,
    Can anyone give me the difference between Security-> Oracle -> user and Security-> User in System Administrator Resp of oracle apps R12.
    Thanks,
    Mahesh.
    Edited by: 991854 on Mar 12, 2013 1:49 AM

    Can anyone give me the difference between Security-> Oracle -> user and Security-> User in System Administrator Resp of oracle apps R12.

    Security > Oracle > Register:
    Use this window to register an ORACLE username with Oracle E-Business Suite. An ORACLE username grants access privileges to the ORACLE database.
    http://docs.oracle.com/cd/E18727_01/doc.121/e12893/T174296T174305.htm
    Security > Oracle > Data Group:
    A data group defines the mapping between Oracle E-Business Suite products and ORACLE database IDs. A data group determines which Oracle database accounts a responsibility's forms, concurrent programs, and reports connect to. See: Defining Data Groups, Oracle E-Business Suite System Administrator's Guide - Configuration.
    http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156461.htm
    Security > User > Define:
    Use this window to define an Oracle E-Business Suite user. This user is an authorized user of Oracle E-Business Suite, and is uniquely identified by a username.
    http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156461.htm
    Thanks,
    Hussein

  • Security Profiles - Difference between SYSTEM and TENANT admin user?

    Hi,
    In the OnDemand Enterprise workbook, some default security profiles have been configured. This includes one called 'Tenant Admin'. When I look in the system there is also a profile called 'System Admin'. Could somebody please explain the differences between system and tenant regarding these profiles? I assume we should rarely use System Admin, and Tenant Admin is the safer option?
    Thanks
    John

    Hi,
    As you mentioned, there are 2 statuses that can be maintained for documents like Equipment Master, Notification, Maintenance Order and other important business documents.
    In case the client feels that the system status is not enough to capture the details of the object, then the user status can be used.
    System statuses will be updated automatically based on business transactions which are done in SAP.
    For example, once the equipment is created, the system status would be CRTD (Created). If you install the same to some superior equipment or FL, then the status would be INST (Installed).
    If you are keeping that equipment as a spare, then for that you have to maintain a separate user status like AVLB (Available in Stock / Spare) so that through IH08, by using the user status, you can get the report of what is available as spare.
    These user statuses, as per the name, should be updated by the user manually.
    Regards,
    Maheswaran.

  • Difference between Structural and Org. Based Security

    Hi
    Could anyone please explain the difference between Structural and Org. based security?
    Also, could anyone please point to relevant documents?
    Thanks

    Structural authorization:
    ex: assigning roles to position and not to userids.. Listed below are some links that may help you to get started in understanding "Structural authorization".
    http://www.sap-img.com/human/structural-authorization-vs-role-authorization.htm
    http://www.sap-press.de/katalog/buecher/inhaltsverzeichnis/gp/titelID-1071
    https://websmp205.sap-ag.de/~form/ehandler?_APP=00200682500000001337&_EVENT=DISPLAY&COURSE=ADM940
    HB

  • Difference between 006 DNS Servers and 015 DNS Domain Name

    Hi,
    What's the difference between 006 DNS Servers and 015 DNS Domain Name?
    Please guide me.

    Hi
    Option 006 DNS servers           = IP Address of your DNS Server, e.g, 10.10.10.1
    Option 015 DNS Domain Name       = test.local, your domain name.
    Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
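
The two options from the answer above, as they appear in the options field of a DHCP message; this is an added example, not part of the original thread. The byte string is constructed from the answer's sample values, and the function name `parse_dhcp_options` is an assumption for illustration.

```python
import ipaddress

# Constructed sample: a DHCP options field (the bytes after the magic cookie)
# carrying the values quoted in the answer above.
SAMPLE_OPTIONS = (
    bytes([6, 4, 10, 10, 10, 1])        # option 6: one DNS server, 10.10.10.1
    + bytes([15, 10]) + b"test.local"   # option 15: DNS domain name
    + bytes([0, 255])                   # pad byte, then end marker
)


def parse_dhcp_options(data: bytes) -> dict:
    """Walk code/length/value options and decode options 6 and 15."""
    out = {}
    i = 0
    while i < len(data):
        code = data[i]
        if code == 0:       # pad: a single byte with no length field
            i += 1
            continue
        if code == 255:     # end of options
            break
        if i + 1 >= len(data):
            raise ValueError(f"option {code} has no length byte")
        length = data[i + 1]
        value = data[i + 2 : i + 2 + length]
        if len(value) != length:
            # Declared length runs past the buffer: reject, never read short.
            raise ValueError(f"option {code} is truncated")
        if code == 6:
            # A list of IPv4 addresses, 4 bytes each.
            if length == 0 or length % 4:
                raise ValueError("option 6 length must be a non-zero multiple of 4")
            out["dns_servers"] = [
                str(ipaddress.IPv4Address(value[j : j + 4]))
                for j in range(0, length, 4)
            ]
        elif code == 15:
            # The domain name the client should use, sent as a plain string.
            out["domain_name"] = value.rstrip(b"\x00").decode("ascii")
        i += 2 + length
    return out


if __name__ == "__main__":
    print(parse_dhcp_options(SAMPLE_OPTIONS))
```

Option 6 tells the client which resolvers to query; option 15 only supplies the domain name the client uses for its own configuration, so the two are independent fields.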
