Proxy 3.6 - setting up authentication

Similar Messages

• Hardware Load Balancers and Cluster WebLogic Proxy Plug-in setting

  Documentation states that we need to enable the Cluster WebLogic Proxy Plug-in setting when there is a proxy plugin or HttpClusterServlet configured.
  We used to have Weblogic Proxy plugin and the setting is still there, also the proxy was replaced by the hardware loadbalancer. Everything works normally and no one complained, but I would assume that WebLogic Proxy Plug-in setting should not be applicable any longer.
  Is it possibly harmful to have that setting there? Does it mean that the loadbalancer emulates WebLogic Proxy Plug-in and also need this set?
  Thank you

  The Weblogic Proxy Plug-in Enabled flag only affects the behavior of a WL proxy module (such as if you were using Apache to proxy to WL via the mod_wl.so module). The value controls what IP address is returned when you call request.getRemoteAddr() from your application. If not enabled, you will get the IP address of the web server that proxied the request. If enabled, you will get the remote client IP address (instead of the proxy IP address) facilitated by the WL-Proxy-Client-IP header. If you are no longer using a plug-in module, the setting will have no affect. Hope this helps...

• Where do I put the proxy in the setting of Mail?

  I am usine internet on my working office, nad I cannot get my mails with Mail, because I need to add a proxy. So I add the proxy in the set up but the port 993 SSL is not ok. What should I put? thanks

  if (slotnumber1 == slotnumber2 && slotnumber2 == slotnumber3)
               System.out.println("All of the numbers are the same!");
               else
                    if (slotnumber1 == slotnumber2 || slotnumber2 == slotnumber3)
                         System.out.println ("2 of the numbers are the same.");
               else
                    if (slotnumber1 != slotnumber2 || slotnumber1 != slotnumber2 || slotnumber2 != slotnumber3)
                         System.out.println("None of the numbers are the same");Sorry i saw the mistake in my code for this bit.
  Fixed that...still confused about ethe loop + how to run it again if the user puts y/n to run again...
  Thanks, ps2cho

• Set different authentication mode for OWA (without 2 ip address)

  hi
  http://social.technet.microsoft.com/Forums/office/en-US/fda18a29-a484-4ed5-903b-aa06e8f7a032/set-different-authentication-mode-for-owa?forum=exchangesvrclients
  Step 1: IP Address
  Obtain a second IP address and add it to the NIC of your server.
  Step 2: DNS
  Add a DNS entry for That secondary IP address for the name we will want to use in the new FBA OWA Web site. I have chosen "testwebmail." Be sure there is a valid SSL certificate (recommended to have UC or SAN SSL certs) on the server Which has the
  new name "testwebmail" that will be used in the certificate.
  Step 3: New Web Site
  Create a new web site in IIS on the Client Access Server and bind it to the new IP address used in step 1.
  Step 4: Adding Exchange Virtual Directories
  The web site has been created and bound to the secondary IP address of our server. Also the DNS record That will be used to access the OWA FBA new page was added to DNS. The next step is to go into EMS and begin adding our virtual directories for OWA and ECP.
  Login to the Exchange server and open the Exchange Management Shell. Then run Get-Get-OWAVirtualDirectory and ECPVirtualDirectory to see the default OWA and ECP directories.
  New-OWAVirtualDirectory -WebSiteName FBA -InternalUrl https://url/owa
  New-ECPVirtualDirectory -WebSiteName FBA -InternalUrl https://url/ecp
  Step 5: Configure the Virtual Directories
  To configure the virtual directories we will disable FBA on the Default Web Site OWA and ECP virtual directories
  New-OWAVirtualDirectory -WebSiteName "FBA"
  Enable the Basic authentication via running the following command:
  Set-OWAVirtualDirectory -Identity "yourservername\owa (FBA)" -BasicAuthentication $true
  Set-OWAVirtualDirectory -Identity "OWA (Default Web Site)" -WindowsAuthentication $true -BasicAuthentication $false  -FormsBasedAuthentication $true
  Step 6: iisreset
  I want to set this settings; but I don't have 2 ip address and I want to set whit one ip address.
  can please tell me how can set this settings with one ip address?
  and please tell me about publishing whit tmg.
  thanks

  Hi,
  Based on my research on Host Header, it seems using Host Header can achive your goal.
  More details on Host Headers:
  1. Host headers let you assign more than one site to a
  single IP address on a Web server.
  2. To host more than one Web site on a Web server, you can assign a unique IP address to each Web site, designate a non-standard TCP port number for a Web site,
  or use host headers. Of the three methods, it is more common to use host headers than to assign unique IP addresses to Web sites or to use non-standard TCP port numbers.
  Configure a Host Header for a Web Site (IIS 7)
  http://technet.microsoft.com/en-us/library/cc753195(v=ws.10).aspx
  Please correct me if there is anything misunderstand.
  However, Microsoft recommends creating the second OWA/ECP virtual directories in a new IIS web site with a different IP address, and using it for internal client access.
  Thanks
  Mavis Huang
  TechNet Community Support

• Proxy server keeps asking for authentication

  My MacOS10.7.3 server coordinates a small subnet of 100 macs. To access the internet as provided by the larger organisation we must go through a proxy server. Unfortunately the proxy server keeps asking for authentication and checking the Remember This Password barely helps. Any tips would be appreciated.

  Hi, the reply by ctzsnooze in the following thread was very helpful to me:
  https://discussions.apple.com/message/23848959#23848959

• Set dynamic authentication credentials to Partner link - BPEL 11g PS1

  Hi,
  I am working on BPEL SOA 11g PS1. I need to know how i can dynamically set the Authentication details (Username and password) as well as Timeout while invoking a web service reference.
  I have been successful in setting these values using properties of the partner-link which is static.But actually as per my use-case, i need to read these information dynamically from a repository say Database/DVM and set these value while invoking.
  Regards
  Sesha

  Hi Sridhar
  Below is the composite.xml snippet which works for me as static mapping. I have added "wss_username_token_client_policy" to the reference interface.
  <reference name="getNameService" ui:wsdlLocation="getNameService.wsdl">
  <interface.wsdl interface="http://www.amazon.com/css/mmbi/getNameService/#wsdl.interface(getNameServiceSoapPort)"/>
  <binding.ws port="http://www.amazon.com/css/mmbi/getNameService/#wsdl.endpoint(getNameService/getNameServiceSoapPort)"
  location="getNameService.wsdl" soapVersion="1.1">
  *<wsp:PolicyReference URI="oracle/wss_username_token_client_policy"*
  orawsp:category="security" orawsp:status="enable"/>
  <property name="weblogic.wsee.wsat.transaction.flowOption"
  type="xs:string" many="false">WSDLDriven</property>
  *<property name="oracle.webservices.auth.username" type="xs:string"*
  many="false" override="may">username11</property>
  *<property name="oracle.webservices.auth.password" type="xs:string"*
  many="false" override="may">password11</property>
  *<property name="oracle.webservices.httpReadTimeout" type="xs:string"*
  many="false" override="may">30000</property>
  <property name="oracle.soa.ws.outbound.omitWSA" type="xs:string"
  many="false" override="may">true</property>
  </binding.ws>
  </reference>
  Here you can find property value for oracle.webservices.auth.username,oracle.webservices.auth.password & oracle.webservices.httpReadTimeout are static , What i want to make here is to read these from a bpel variable in runtime.
  OR
  Is there any means i can do this same basic authentication in BPEL 11g which would support dynamic credentials.
  Thanks
  Sesha

• I'm having major buffering problems since the IOS7 upgrade.  Proxy settings are set to off.

  I,m having major problems with buffering on my iPad & iPhone since the IOS7 update.  My proxy settings are set to off.

  Turning off and back on or hard reset seems to work for a day or two.  After resetting I am occasionally losing messages that were there before reset.  In addition, I have had 3 messages that I received a notification for when they came in but go into messages and not there.  Message incon still shows 3 unread messages but when I open messages I have no unread messages???  Power on-off or hard reset does not seem to fix this.  At least a reset gets imessages working again.  Hope fix is out soon.  This is a PIA.

• Setting up authentication for client proxy in SOAMANAGER

  Hi all,
            I have a webservice in .NET system and i have created Client proxy in ABAP.
            I have created logical port also.
            When i am testing the service I am getting a POP-UP to enter username and password.
            Is there any setting for athentication in SOAMANAGER where we can specify the USERNAME &
            Password so that POP-UP for the same is surpassed while testing.
            This, can help calling the service in background.
            Please help am on the end of my wits.
  Thanks & Regards.
  Yats.

  hope below docuements would help you.
  Re: Inbound Proxy as WebService
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b04408cc-f10e-2c10-b5b7-af11026b2393
  regards
  nag

• HTTPS over a Proxy!! Set up of username/password

  I am transferring over https to a receving servlet over a Proxy.
  How do I specify the username and password for the Proxy in my
  application ,if the proxy server supports this.
  I have configured my application to send it over a Proxy with:
  https.proxyHost = <Proxy Host>
  https.proxyPort = 0000
  or
  System.setProperty("https.proxyHost","Proxy Host");
  System.setProperty("https.proxyPort","8080");
  How can I set the Property for Username and Password too?
  Please does any one know this?
  ajay
  [email protected]

  Or you could use the Authenticator class
  in JDK.
  class MyAuth extends Authenticator {
      protected PasswordAuthentication getPasswordAuthentication() {
          System.out.println("The realm '" + getRequestingPrompt() +
              "' at '" + getRequestingHost() + ":" + getRequestingPort() +
              "'\n" + "using " + getRequestingProtocol() + " is requesting " +
              getRequestingScheme().toUpperCase() + " authentication.");
          System.out.println("");
          System.out.println("What should we send them?  Let's send them ...");
          System.out.println("");
          return new PasswordAuthentication("username", "password".toCharArray());
          // set to the authenticator you want to use.
          Authenticator.setDefault(new myAuth());
          URL url =
              new URL("http://www.some.com/something_protected/index.htm");

• How to configure a Proxy in OSB with Digest Authentication?

  Hello, Guys.
  I need a help with this subject.
  I have a demand to configure a Proxy in OSB 11.1.1.6 with Digest Authentication. I'm using a Embedded Ldap with Identity Asserter.
  I'have configured a DefaultAuthenticator and the DefaultIdentityAsserter to support Digest Password and create a new LdapIdentityAsserter pointing to my embedded Ldap.
  When I'll create a new Proxy, in the security options, i can see the digest options to authenticate my username and password. I selected the one of all the options, but in the time of the Proxy test the authentication didn't work.
  Could anyone help me?
  Thanks you.

  Unfortunately, a reference trigger can't be used for continuous acquisition after the trigger. The maximum post-trigger count is either 2^24 or 2^32 depending on your hardware. Depending on your sampling rate and how many samples you expect to acquire before issuing a software stop, using the max post-trigger count may be sufficient for you. There are a couple of other options I can think of that you might want to try:
  1.) If possible, play with the trigger condition such that it occurs at the start of your pre-trigger data and use it as a start trigger instead. I suspect this may not be possible.
  2.) Set up a continuous acquisition and implement detection of the trigger condition through software. This is more software work and is more CPU intensive than the hardware solution, but it can definitely be made to work.
  3.) With some creative use of the counters, you may be able to latch the sample clock number that trigger occurred on. This would allow you to setup a continuous acquisition and use the hardware to tell you where the trigger occurred instead of figuring it out in software. What I'm thinking is you would set up a buffered event counting task with the ai/SampleClock as the timebase source of the counter and the trigger signal as the sample clock of the counter. By reading the first count value, you should know which AI sample the trigger occurred. From there, you can seek to the right position in the buffer and begin reading data indefinitely.
  Good luck!

• Proxy.cfg - Correct setting for ResolveProxyIPAddress

  According to TID 3988333 the description of this parameter is "Default behaviour is to send an SSL authentication redirect to a host name instead of a IP address. 0 to disable the same. Requires PXY023 or later."
  Also, the default setting in Proxy.nlm is 1. However, in Craig's Proxy.cfg he has it set to 0. I would think you would want this to be set to 1, no?
  Dan

  OK, I had no idea that that is what this parameter pertained to. Now I see what you are talking about with the BorderManager SSL login as an alternative to Client Trust. We don't use that so that is why I didn't understand.
  To me this again proves that we need more documentation on what these parameters are and why you would use them. I would agree with you after hearing more background that it should be set to 0.
  FYI, the default for 3.9 SP1 proxy is 1! I wonder why Gonzalo thinks this is preferred?
  Dan
  Originally Posted by Craig Johnson
  In article <[email protected]>, Dchunt wrote:
  > Also, the default setting in Proxy.nlm is 1. However, in Craig's
  > Proxy.cfg he has it set to 0. I would think you would want this to be
  > set to 1, no?
  >
  If that's what I think it is, no. I think that has to do with how the
  SSL login page shows up on the browser. Default would have it show up
  with the server name as a URL. Unfortunately, that also means you need
  a DNS entry for the server name. The IP address has always worked,
  which is why I set that to 0. (It may be that the problems I've seen
  with SSL login failing with server name are related to incorrect host
  file entries, but I think it was more widespread than that).
  I definitely want the ssl logins redirected to IP address by default. I
  might go to a URL if I had purchased a 3rd party certificate,
  particularly if using authentication with reverse proxy. But I would be
  ironing out DNS issues as well.
  Craig Johnson
  Novell Support Connection SysOp
  *** For a current patch list, tips, handy files and books on
  BorderManager, go to Craig Johnson Consulting - BorderManager, NetWare, and More ***

• Setting an Authentication Level for a WS using Deployment Descriptor Files

  Hi
  I'm developing WS with authentication level BASIC but I have some problem deploying it.
  I read from https://cw.sdn.sap.com/cw/docs/DOC-106319  how to setting authentication level using annotation, but I cannot use annotation because my WS are cross-platform (they can be executed on SAP NetWeaver AS, JBoss, IBM WebSphere).
  My WS is based on a stateless EJB Session 2.1.
  My ejb-jar contains security-role-ref.
  <?xml version="1.0" encoding="UTF-8"?>
  <ejb-jar id="ejb-jar_ID" version="2.1" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd">
       <enterprise-beans>
            <session id="AsyncOrd10">
                 <description>AsyncOrd10</description>
                 <ejb-name>AsyncOrd10</ejb-name>
                 <local-home>com.dat.now.ws.ord.AsyncOrd10Home</local-home>
                 <local>com.dat.now.ws.ord.AsyncOrd10</local>
                 <service-endpoint>com.dat.now.ws.ord.AsyncOrd10WS</service-endpoint>
                 <ejb-class>com.dat.now.ws.ord.AsyncOrd10EJB</ejb-class>
                 <session-type>Stateless</session-type>
                 <transaction-type>Container</transaction-type>
                 <resource-ref id="AsyncOrd10Ref">
                      <description>Reference to the DataSource used by AsyncOrd10</description>
                      <res-ref-name>jdbc/AsyncOrd10</res-ref-name>
                      <res-type>javax.sql.DataSource</res-type>
                      <res-auth>Container</res-auth>
                 </resource-ref>
                 <security-role-ref id="SecurityRoleRef_AsyncOrd10">
                      <role-name>everyone</role-name>
                      <role-link>everyone</role-link>
                 </security-role-ref>
            </session>
       </enterprise-beans>
       <assembly-descriptor id="assembly-descriptor_ID">
            <security-role id="SecurityRole_everyone">
                 <role-name>everyone</role-name>
            </security-role>
            <security-role id="SecurityRole_sysadm">
                 <role-name>sysadm</role-name>
            </security-role>
            <method-permission id="MethodPermission_AsyncOrd10">
                 <role-name>everyone</role-name>
                 <method id="MethodElement_AsyncOrd10">
                      <ejb-name>AsyncOrd10</ejb-name>
                      <method-name>*</method-name>
                 </method>
            </method-permission>
            <container-transaction id="container-transaction_AsyncOrd10">
                 <method id="AsyncOrd10_methods">
                      <ejb-name>AsyncOrd10</ejb-name>
                      <method-name>*</method-name>
                 </method>
                 <trans-attribute>Required</trans-attribute>
            </container-transaction>
       </assembly-descriptor>
  </ejb-jar>

  for JBoss I can set in the jboss.xml the auth-method (under the port-component)
  <?xml version="1.0" encoding="UTF-8"?>
  <jboss>
       <security-domain>java:/jaas/absolut</security-domain>
       <enterprise-beans>
            <session>
                 <ejb-name>AsyncOrd10</ejb-name>
                 <local-jndi-name>com.dat.now.ws.ord.AsyncOrd10</local-jndi-name>
                 <port-component>
                 <port-component-name>AsyncOrd10WSPort</port-component-name>
                      <port-component-uri>AsyncOrd10</port-component-uri>
                      <auth-method>BASIC</auth-method>
                 </port-component>
                 <resource-ref>
                      <res-ref-name>jdbc/AsyncOrd10</res-ref-name>
                      <res-type>javax.sql.DataSource</res-type>
                      <jndi-name>java:/now</jndi-name>
                 </resource-ref>
            </session>
       </enterprise-beans>
  </jboss>
  For IBM WebSphere I should use an additional step in the deploy
  Maybe I missing something in the ejb-j2ee-engine.xml ?
  this is it :
  <?xml version="1.0" encoding="UTF-8"?>
  <ejb-j2ee-engine>
       <enterprise-beans>
            <enterprise-bean>
                 <ejb-name>AsyncOrd10</ejb-name>
                 <jndi-name>com.dat.now.ws.ord.AsyncOrd10</jndi-name>
                 <resource-ref>
                      <res-ref-name>jdbc/AsyncOrd10</res-ref-name>
                      <res-link>now</res-link>
                 </resource-ref>
            </enterprise-bean>
       </enterprise-beans>
  <security-permission>
  <security-role-map>
  <role-name>everyone</role-name>
  <server-role-name>all</server-role-name>
  </security-role-map>
  <security-role-map>
  <role-name>sysadm</role-name>
  <server-role-name>administrators</server-role-name>
  </security-role-map>
  </security-permission>
  </ejb-j2ee-engine>
  Thanks

• Modify OSB Proxy "HTTPS required" setting through customization file

  Is it possible to modify the "HTTPS Required" setting on the OSB Proxy service? We have different settings to be used for different environments like . DEV, IT, UAT, PROD etc
  My understanding of the OSB customization is as below, and I get a feeling that its not possible through the customization.
  There are 3 types of customizations possible: EnvVariables, FindAndReplaceString, ReferenceType
  EnvVariables allows only pre-defined set of variables to be changed thru the customization file. , HTTPS setting is not there in the list.
  Allowed variables are listed @ http://docs.oracle.com/cd/E23943_01/admin.1111/e15867/customization.htm
  FindAndReplaceString: it’s possible to change the value of the xml elements in the proxy file, but since its boolean value for HTTPS, we cannot use this option, it would replace other settings as well.
  ReferenceType: is used to refer to alternate references like xquery or business services in the proxy service.

  I know that ALSB used to provide APIs for SOME customizations, monitoring and control of services. I have not tried APIs in OSB for a long time and dont know if the APIs are still the same or if some of them have been deprecated. But I can say that the APIs for customization of end point values will definitely be available.
  However, I do not think there will be an API for marking HTTPS as enabled in proxy configuration, that you will need to do using the sbconsole UI or by importing an updated version of service.
  You can find the APIs here:
  http://docs.oracle.com/cd/E23943_01/apirefs.1111/e15033/toc.htm
  http://docs.oracle.com/cd/E23943_01/admin.1111/e15867/app_apis.htm#OSBAG739
  If you do need more info then search for ALSB APIs and you will get older docs but they might have more details.

• Setting Defualt Authentication type to Enterprise in Full Client - strange

  Hi Folks,
  I am having issue setting up default authentication type in full client.
  My users here use Desktop Intelligence for their reporting. We have configured Windows AD authentication for them and they are logging to one of the server via Citrix where BO Client is installed. When users select Windows AD from the authentication type, for the first time it works well, because, they dont have to enter username or password, as they are logging thru Citrix to the server with their Windows AD account. Now here is what happens, when second time they go in the server, their default type is set to Windows AD as they login to DeskI using AD last time, but this time, the OK button is blurred and to my understanding it becomes active if you enter username or password, which in my situation, they have dont have to.
  So they select Windows AD from the drop down button and then the OK button is enabled. This is not right as they are already in Windows AD mode. So I thought to make the defualt authentication mode to Enterprise, no matter whatever they login lastly. This way they will have to select Windows AD and the problem will go away. Or if someone knows how to resolve my situation, please advice. Otherwise, please help me how and where can I set the autheication type to Enterprise by defualt for full client. I have only client products installed on this particular server.
  Thanks a lot,
  Bhaumik
  BOXIR2 SP2 full version, Citrix

  The ok button thing was a bug fixed in SP3. Now beware SP3 and above SP's client version have another bug which breaks all clients using AD/LDAP fixed in FP3.3. The server version of the SP does not have that bug. If you fix the bug you will not have to set the enterprise type.
  It's by design to remember that last login (that may be something you can stop but I never tried and don't know how to).
  Regards,
  Tim

• Setting up authentication using IAS and an AP1200

  I'm trying to get RADIUS authentication working using Windows 2003 IAS and an AP1200, client is an AIR-CB21AG with latest drivers (2.1). Can anyone point me to a "how to" guide or advise how to configure each component to get it all working?
  Thanks in advance!

  Gerardo
  A customer that I work with has set up lots of VPN connections to remote sites where the remote site is behind a cable network connection including actiontech routers. We are using the 1841 router but I would think that the 1861 would be able to do this without much problem.
  As to the specific questions that you ask:
  - We use GRE/IPSec tunnels and it works well.
  - there should not be any configuration changes on the actiontech router.
  - as far as caveats:
  + make sure that the image on the 1861 is the advanced security feature set or the advanced services feature set so that you get support for the encryption needed for VPN.
  + in our implementation we require that the remote site have a fixed IP address which allows each end of the VPN to uniquely specify its peer and allows either end of the VPN to initiate the connection. I assume that your user is getting an address via DHCP from the actiontech. This will mean that your head end will have to accept connection requests from anyone and authenticate to verify that it is an authorized request. And it will mean that the remote must initiate the connection.
  If it is a single user at this remote location would it be feasible to set it up as a remote access VPN rather than a site to site VPN and to have the user use the VPN client which would eliminate the requirement for a router at the remote site?
  HTH
  Rick