Proxy Server 3.6 with Identity Server 5.1!

Hi All,
I'm doing a Proof of Concept on integrating Identity Server 5.1 with Proxy Server 3.6. The proxy server is configured as a reverse proxy for another web server (since the web server is not supported by the agent pack).
I've configured the reverse proxy and added the agent to the proxy. However, each time after authenticating in the Identity Server and returning to the reverse proxy, it goes to http://rproxy.domain.com/.domain.com, not http://rproxy.domain.com.
Moreover, even when the user session is invalid, the user can go to the reverse proxy without re-authenticating, even though I've disabled all the caching in the proxy server.
Is it possible to use a reverse proxy with Identity Server? If yes, how do I configure it?
Thanks
Clive Chan

Hi Clive Chan,
I also have the same problem. Can you tell me which patch you added to solve the problem?
Thanks a lot!
Angus

Similar Messages

  • Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1

    Does anybody have a working combination of the above? I get an IS login page and after that I always get an access denied page. I get this exception in the agent logs:
    2004-10-14 16:28:00.917 Warning 6347:c1818 PolicyAgent: in get_cookie: no cookie in ap_table
    2004-10-14 16:28:01.895 Warning 6359:c1818 PolicyAgent: Invalid URL for property (com.sun.am.policy.agents.accessDeniedURL) specified
    2004-10-14 16:28:56.742 Warning 6349:c1818 PolicyAgent: am_web_is_access_allowed(http://xx.xx.xx.net:8080/, GET) denying access: status = access denied (20)
    2004-10-14 16:28:56.743 128 6349:c1818 RemoteLog: User testuser1 was denied access to http://xx.xx.xx.net:8080/.
    2004-10-14 16:28:56.831 -1 6349:c1818 PolicyAgent: URL Access Agent: access denied to testuser1
    We can ignore the Invalid URL property part because it's just looking for a custom URL in its place there. I have cookies enabled in my browser. I even turned on the prompt option. No luck yet.
    Any suggestions would be of great help.
    Thanks,
    Sunil.

    From your description, since the agent installs file with a different JRE, I would suspect it has something to do with the availability of JCE provider in the first JRE. By default, WebSphere's JRE is equipped with IBM JCE provider which is what the agent uses to encrypt the necessary
    information. If this provider is not configured correctly it could result in the error that you are seeing. Please check the WebSphere installation and make sure that the JRE used by it has the necessary IBM JCE provider configured. The java.security file for this should contain something like:
    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.ibm.crypto.provider.IBMJCE
    security.provider.3=com.ibm.jsse.IBMJSSEProvider
    security.provider.4=com.ibm.security.cert.IBMCertPath
    security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
    Also, make sure that when you are installing the agent you specify the Java Home as prompted by the agent to point to the location where this JRE is installed. Typically this is under WebSphere/AppServer/java directory. HTH, Jerry

  • RBAC with Identity Server

    Right now I'm writing my final thesis.
    I have developed a model for role-based access control and now I'm conducting a short evaluation of Identity Server to see how well it handles my model.
    It's obvious Identity Server is highly expandable to suit the most needs anyone can have, BUT with some/much effort in developing plug-ins.
    Have I missed something here? Where do I configure which rights a role has got?
    Does anyone know of any documents describing RBAC with Identity Server or is RBAC just a nice buzz-word for the White papers?
    best regards,
    Peter

    Two ways to enforce the permissions:
    Policy Agents
    ssoToken Properties
    from:
    http://docs.sun.com/source/816-6774-10/prog_sso.html#wp36428
    A policy agent polices the web container on which a protected resource lives by enforcing a user's assigned policies. They are an integral part of the cross-domain SSO functionality. Two types of policy agents are supported by Identity Server: the web agent and the J2EE/Java agent. The web agent enforces URL-based policy while the J2EE/Java agent enforces J2EE-based security and policy. Both types are available for installation separately from Identity Server and can be downloaded. Additional information can be found in the Sun ONE Identity Server Web Policy Agents Guide and J2EE Policy Agents Guide. General information on the Policy Service can be found in Chapter 7, "Policy Service," of this manual:
    http://docs.sun.com/source/816-6774-10/prog_policy.html#wp27085
    ssoToken Property
    Access the session object called ssoToken that contains Role and Service for the logged in user.
    from
    http://docs.sun.com/source/816-6774-10/prog_sso.html#wp36428
    import com.iplanet.sso.SSOToken;
    import com.iplanet.sso.SSOTokenManager;
    /* get the sso token from http request (both calls throw SSOException if the session is invalid) */
    SSOToken ssoToken = SSOTokenManager.getInstance().createSSOToken(request);
    /* read a property (e.g. role or service data) stored on the user's session */
    String appValue = ssoToken.getProperty(appPropertyName);
    more:
    http://docs.sun.com/source/816-6774-10/prog_intro.html#wp19687
    david.

  • Disappearing disk space Windows Server 2012 R2 with SharePoint Server 2013 Enterprise

    I've got an interesting problem with a virtual machine in our VMWare environment.  It is Windows Server 2012 R2 with SharePoint Server 2013 Enterprise installed.  I started out with a 60GB disk and it started running out of space, so I increased
    it in VMWare and extended the partition to 100GB.  Well, that lasted for a bit and so I extended it again.  I've done this 3 or 4 times and now I've got a 160GB disk with about 2-3GB of space remaining (and it started with 10GB remaining). 
    WinDirStat shows 105GB of <Unknown> space being used, which is probably my issue.  However, I can't determine what this is and it keeps growing like a tapeworm.  The context menu on the <Unknown> files has all the options disabled,
    so WinDirStat doesn't appear to have access to whatever the file(s) is/are.  I've performed several chkdsk /f on the C: drive and nothing bad is reported.  I don't have any restore points and am not running VSS (that I'm aware of).  The pagefile
    reports as being about 4.9GB, so that's not the issue.  No large files are shown anywhere and my explorer settings are set to show me all files, including system files.
    When I try to run WinDirStat with elevated permissions, it hangs and becomes unresponsive. 
    I've even resorted to running CCleaner to see if it found anything, but it simply found the standard temp files and such...about 1GB. 
    I'm pulling my hair out...and I don't have much to start with.  Anyone have any ideas?
    Thanks
    Russ

    It appears that somehow, Microsoft Fusion Assembly binding logging was turned on and many of the temp folders located at c:\users\username\AppData\Local\Microsoft\Windows\InetCache\IE were filling up with hundreds of thousands of Fusion HTM log files. 
    This is controlled by an entry in the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog which was set to 1.  Hopefully, setting it back to zero will fix the issue.  As a result of figuring this out, I have recovered almost 80GB of disk
    space occupied by the log files.
    I thought WinDirStat would show me what I needed to know, but it turns out TreeSize (which I've used in the past) works much better.
    Russ
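    As an added illustration of the check Russ describes (not code from the original thread), the following PowerShell reads the ForceLog value and measures how many .htm files sit in each user's InetCache\IE folder; both paths are the ones named above, and the helper and function names are my own.

```powershell
# Added example, not part of the original thread. Run from an elevated prompt.
# Reports whether Fusion binding logging is forced on and how much .htm log
# data has accumulated per user profile, so the cause can be confirmed first.
function Get-FusionLogState {
    param(
        # Registry key named in the thread; ForceLog = 1 turns binding logging on.
        [string]$FusionKey    = 'HKLM:\SOFTWARE\Microsoft\Fusion',
        # Per-user cache folder named in the thread, relative to each profile.
        [string]$CacheSubPath = 'AppData\Local\Microsoft\Windows\InetCache\IE',
        [string]$ProfileRoot  = 'C:\Users'
    )

    $forceLog = (Get-ItemProperty -Path $FusionKey -Name ForceLog `
                    -ErrorAction SilentlyContinue).ForceLog

    $perUser = foreach ($userDir in Get-ChildItem -Path $ProfileRoot -Directory) {
        $cache = Join-Path $userDir.FullName $CacheSubPath
        if (-not (Test-Path $cache)) { continue }
        $files = Get-ChildItem -Path $cache -Recurse -Filter *.htm -File `
                    -ErrorAction SilentlyContinue
        $bytes = ($files | Measure-Object -Property Length -Sum).Sum
        [pscustomobject]@{
            User     = $userDir.Name
            HtmFiles = @($files).Count
            SizeGB   = [math]::Round($bytes / 1GB, 2)
        }
    }

    [pscustomobject]@{
        ForceLog      = $forceLog            # $null means the value is not set
        LoggingForced = ($forceLog -eq 1)
        PerUser       = $perUser
    }
}

# The fix from the thread: set ForceLog back to 0. Only the registry value is
# changed here; the accumulated .htm files are reported, not deleted, so they
# can be reviewed before cleanup.
function Disable-FusionForceLog {
    param([string]$FusionKey = 'HKLM:\SOFTWARE\Microsoft\Fusion')
    if (Test-Path $FusionKey) {
        Set-ItemProperty -Path $FusionKey -Name ForceLog -Value 0 -Type DWord
    }
}

$state = Get-FusionLogState
$state | Select-Object ForceLog, LoggingForced | Format-List
$state.PerUser | Sort-Object SizeGB -Descending | Format-Table -AutoSize
```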

  • Security solution with Identity server for SOX compliance

    Hi all,
    Has anybody used Identity Server as a security solution to achieve SOX compliance? I want to know the general view, opinions and experience of people while implementing such a solution.
    Just a little background on SOX: it was created by the US Congress in the wake of corporate scandals like Enron in 2001 and 2002. It is an attempt to tighten controls over corporate financial reporting and transparency.
    I am basically interested in implementing security solutions using Identity Server for SOX compliance. Section 404 of this act deals with internal controls, which essentially requires organizations to provide the following facilities:
    1. User Identification, authorization and access
    2. User control of user accounts
    3. Central identification and access rights/permissions management
    4. Violation and security activity report
    Has anybody developed such a solution? What are your general experiences, problems, issues etc.? Please share your views.

    Just too quick to draw a conclusion: see the FAQ below.
    If you are not in the same AS container, let me know. Jerry
    Copied from the J2EE agent FAQ:
    Question - Is it possible to install a J2EE 2.1 agent and Identity Server on the same instance of the application server?
    Installing the IS60SP1/IS61 server and the J2EE 2.1 policy agent on the same instance of the application server is not a supported configuration. We do support the 2.1 J2EE agent and IS installed on different instances of the application server. So, users can install the J2EE 2.1 agent on one instance of the application server and install IS on a different instance of the app server.

  • Does URL Policy Agent of SunONE Web Server 6.1 work with Identity Server 6

    Hi,
    I'm using URL Policy Agent of SunONE Web Server 6.1, and using Identity Server 6.1 to configure policy to access web resource such as http://myweb.org.cn/test/*
    After configuration, I try to access the resource http://myweb.org.cn/test/test.html
    The redirection is OK and the IS login page appears, but after logging in successfully, it still tells me that I don't have permission to view this web page.
    Is this because the URL policy agent doesn't support IS 6.1?
    Many thanks,

    Can anybody help me with the steps to generate a core for this issue? I followed the steps described in http://blogs.sun.com/meena/entry/troubleshooting_server_crashes_enabling_core but I don't see any core generated when the server crashes.
    Setup Info:
    - OS is RHEL 4.0
    - Sun ONE Web Server 6.1SP7
    - Policy Agent 2.2

  • Windows Server 2012 R2 with Exchange Server 2013 SP1 Completely fresh install giving errors signing into EAC

    Hi,
    I am struggling with a completely clean installation of Server 2012 R2 and Exchange 2013 SP1.  I followed these steps:
    Installed Server OS
    Windows Updates
    Added Active Directory Role (This is a single standalone server that would have been SBS until it was dropped)
    Added DHCP & DNS
    Added Certificate Services
    Added Windows Server Update Services (WID Database & WSUS Services)
    Windows Updates
    Added Media Foundation
    Added File Server Resource Manager and Work Folders
    Added Windows Server Backup
    Windows Updates
    Checked all running without errors in Server Manager and performed a full bare bones backup.
    Ran Setup.exe from Exchange 2013 SP1 disc.
    Installed Pre-requisites and then rebooted
    Windows Updates
    Ran Setup.exe from Exchange 2013 SP1 disc.
    Installation completed without errors
    Rebooted
    Checked all running without errors in Server Manager.
    I Launch Exchange Administrative Center and get "problem with website's server certificate error" (normal on machine with self-assigned certificates).  Click Continue to Website and get:
    Windows Security dialog box:
    iexplore - "The server localhost is asking for your username and password.  The server reports that it is from Digest"
    however no username and password combination will work:  have tried [Administrator]; [Domain\Administrator] even created a user to no avail.
    I believe the issue is somewhere in the IIS configuration because I also get the same error when trying to log into the server website from either the server or another machine on the network.
    I have tried the complete installation three times now:  (full disclosure not all of the same features/roles each time).  On the first attempt I got this error immediately and on try number 2 was able to get into the EAC and created the mailboxes
    but then it started giving the same error.  The above steps are try number 3.
    Any ideas?
    Thanks in advance.
    Andy Halford
    P.S. A Follow up which might be significant:  The Default Web Site is not running and will not start (it was previously running before the Exchange installation) and when I try I get the message that Another Website may be using the same port however none
    of the others (Exchange Back End or WSUS Administration) are using ports 80 or 443 and I still get the error when they are both stopped.

    Could you post the list of sites:
    appcmd list site
    The ones listening on port 80:
    appcmd list site /bindings:http/*:80:
    And on port 443:
    appcmd list site /bindings:https/*:443:
    Step by Step Screencasts and Video Tutorials

  • SQL Server 2005 replaced with SQL Server 2014 trying to connect front end Access as guest (read only ODBC)

    We have replaced a SQL Server 2005 with a SQL Server 2014 (new physical server.)  Have the new server set up to use SQL Server login OR Windows user login. Had old server connecting (for a particular DB) to front end Access (2010 or 2013) as guest for
    anyone logged into the Windows NT Network with a read only ODBC connection. Have the DB in the new server set to include guest as db_datareader (with only SELECT permission for the securables of each table and view being linked) but when any Windows user not
    specifically listed as a SQL DB user tries to use the front end they get an error of:
    Microsoft SQL Server Login
    Connection failed:
    SQL State: '28000'
    SQL Server Error: 18456
    [Microsoft][OCBC SQL Server Driver][SQL Server] Login failed for user {domain\user}.
    After closing that pop-up window a server login window appears. Of course, since the guest user is not specifically listed as a user in the DB that fails also. It seems like there should be a very simple solution to this, but I can't seem to find it. I want
    to allow anyone logged in on the Windows system (locally) to be able to open the MS Access file (on their work station machine) and run their own (read only; select) queries on the SQL Server database. Any suggestions?
    Thanks a billion in advance ----

    Thanks for the response Olaf. I have now spent weeks researching this. I realize that using the guest account in most situations is not advised. As mentioned, I have restricted the guest account to allow the db_datareader role only, and have explicitly denied
    all other roles, as well as allowing select only, and still have no access for the guest account.
    The suggested fix in the second link you provided, of using Windows groups is not plausible for my situation either. We are a scientific field research institution, with a few long term users and lots of users that may have Windows accounts for a few months,
    and then they are gone. It would be a nightmare for the network tech to try to keep a group account up to date, and we need to give access (read only, of course) to anyone logged into the system. Realize that the ONLY access of any kind to this database is
    thru MS Access ACCDB, using a (by default) read only ODBC connection.
    This type of access is used particularly because researchers need to be able to set up their own queries, and the MS Access query interface is particularly convenient for people who are not themselves SQL experts, yet are trying to get some very advanced
    levels of output. Putting the database online is not practical because then we are back to the need for a comprehensive query interface, and just picking up general subsets of the data online (from a basic web page search feature) would be out of the question,
    since the result set would involve hundreds of thousands if not millions of records.
    So - that said - what exactly would you suggest, assuming we don't have the funds to buy a whole new system, and have spent plenty of money with Microsoft's Enterprise level MS Office so that all work stations have MS Access, and Microsoft's SQL Server,
    as well as running our network on Microsoft's network software.

  • Problems getting Web server to connect with LDAP server.

    Have 4.1.8 iPlanet Web and 4.13 LDAP running on Win2000 SP2. Both are working fine separately, i.e. I have good anonymous LDAP://URL responses, and I have working application CGI responses from the web server. I have previously had the same setup running on another server. However, with this install on Win2000 I cannot get the Global settings LDAP feature to work ~ getting "An error occured while contacting th LDAP server. A connection to the the directory server could not be opened." Have checked DNS settings, etc. All seems to be in order. Any suggestions?

    Hi,
    What edition of Win 2K are you using (Pro/Server/Adv Server)? The problem could just be your DNS settings. Check which machine your DNS server is running on; is it on NT? If so, change it to a Win 2K server.
    Delete your LDAP machine's A record from the DNS server and add it again. This will solve your problem.
    Refer to the URL:
    http://knowledgebase.iplanet.com/ikb/kb/articles/5135.html

  • RH Server 9 compatibility with Windows Server 2008 SP2/SQL Server

    Our tech support people are preparing for a first install of RH Server 9. They have asked me to find out whether there is a recent patch that would enable it to work with Windows Server 2008 SP2 64 bit and MS SQL Server 2008.
    If there is not yet a patch, will there be one for this OS/DB combination in the future, and when?
    This is in reference to the knowledgebase article at http://kb2.adobe.com/cps/884/cpsid_88483.html which gives a "not recommended" status to this combination.
    Our infrastructure team would prefer to use this combination if it is possible.
    Second question from the tech team: Do we need to separate the RoboHelp application from the database or can they both reside on the same server?

    To answer your first question, no, there is no patch to allow SQL Server 2008 to run on a 64 bit server. To answer your second question, I don't know. This is a user to user forum and therefore we are not party to any discussions on when or if a patch will be released. You could submit a feature request which the Adobe RoboHelp Product Manager will get. This will help advance your case. You can submit it here:
    http://www.Adobe.com/cfusion/mmform/index.cfm?name=wishform&product=38
      The RoboColum(n)
      @robocolumn
      Colum McAndrew

  • Sun Portal Server 6 compatibility with Web Server 6.1 SP - 8

    Hi,
    Our client is running Sun One Portal Server version 6.0, which is deployed on Sun One Web Server version 6.0. There is a request from the hosting provider to upgrade the web container to Web Server 6.1 SP8. My question is: is Sun One Portal 6.0 (with AM 5.1 and DS 5.1 SP4) capable of running on / compatible with Web Server 6.1 SP8?
    Do you see any issues with going ahead with the upgrade?
    Thanks much for all your responses!

    We upgraded our Sun Webserver to SP8 and had no issues. We are running
    - Portal 6.2
    - IS 6.1
    - DS 5.1

  • Replicate win server 2008 r2 with win server 2012 r2

    I have AD on win server 2008 R2
    Can I replicate it with win server 2012 R2
    Nagy Anwar

    Hello,
    there is no problem to add a new Windows Server 2012 R2 into the existing domain.
    http://blogs.msmvps.com/mweber/2012/07/27/upgrading-an-active-directory-domain-from-windows-server-2008-or-windows-server-2008-r2-to-windows-server-2012/
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Gateway server cant comunicate with managemant server

    Hi all,
    I have some issues with a gateway server. I've installed the new server following the Microsoft documentation. I've added the new server in the OpsMgr console; I can see it, but it is unmonitored. I've installed the same certificate on both servers in the Trusted store (computer).
    On the GW I've checked and port 5723 is open. On the GW I have these errors:
    EV 20057, OpsMgr Connector
    Failed to initialize security context for target MSOMHSvc/computer The error returned is 0x80090303(The specified target is unknown or unreachable).  This error can apply to either the Kerberos or the SChannel package.
    EV 20057, OpsMgr Connector
    Failed to initialize security context for target MSOMHSvc/computer The error returned is 0x80090303(The specified target is unknown or unreachable).  This error can apply to either the Kerberos or the SChannel package.
    EV 21001, OpsMgr Connector
    The OpsMgr Connector could not connect to MSOMHSvc/copscomsvr01.corp.local because mutual authentication failed.  Verify the SPN is properly registered on the server and that, if the server is in a separate domain, there is a full-trust relationship
    between the two domains.
    EV 20071, OpsMgr Connector
    The OpsMgr Connector connected to copscomsvr01.corp.local, but the connection was closed immediately without authentication taking place.  The most likely cause of this error is a failure to authenticate either this agent or the server .  Check
    the event log on the server and on the agent for events which indicate a failure to authenticate.
    Any ideas?

    Hi,
    Please check the registry. Go to the OPS reg hive and check if the FQDN name is supplied for the Networkname and AuthenticationName. If this doesn’t match your certificate common name you will get the 20071 event.
    Just change it and restart the OpsMgr service.
    More details:
    https://michelkamp.wordpress.com/2012/01/05/solving-the-gateway-20071-event/
    Regards,
    Yan Li
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]
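    As an added example of the check Yan Li describes (not code from the original thread), the following PowerShell compares the NetworkName and AuthenticationName registry values with the machine's FQDN and with the subject CN of the certificates in the computer's personal store. The registry key path and the function name are my assumptions; confirm the key against the linked post for your OpsMgr version and pass -SettingsKey if it differs.

```powershell
# Added example, not part of the original thread.
# ASSUMPTION: the OpsMgr agent settings live under the key below; the value
# names NetworkName and AuthenticationName are the ones named in the reply.
function Test-OpsMgrGatewayNames {
    param(
        [string]$SettingsKey = 'HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings',
        [string]$CertStore   = 'Cert:\LocalMachine\My'
    )

    $settings    = Get-ItemProperty -Path $SettingsKey -ErrorAction Stop
    $networkName = $settings.NetworkName
    $authName    = $settings.AuthenticationName

    # The name the gateway should present: its own fully qualified host name.
    $fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

    # Pull the CN out of every certificate subject in the personal store.
    $cns = Get-ChildItem -Path $CertStore | ForEach-Object {
        if ($_.Subject -match 'CN=([^,]+)') { $Matches[1].Trim() }
    }

    # String comparison in PowerShell is case-insensitive, which suits host names.
    [pscustomobject]@{
        NetworkName         = $networkName
        AuthenticationName  = $authName
        MachineFqdn         = $fqdn
        CertificateCNs      = $cns
        NetworkNameIsFqdn   = ($networkName -eq $fqdn)
        AuthNameIsFqdn      = ($authName -eq $fqdn)
        CertMatchesAuthName = ($cns -contains $authName)
    }
}

# Any $false in the three checks is the mismatch that produces event 20071;
# correct the registry value and restart the OpsMgr service as the reply says.
Test-OpsMgrGatewayNames | Format-List
```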

  • Terminal Server Farm balancing with down server

    I have an 11501 that is balancing connections between my 10 terminal servers.
    We are using roundrobin because we were told by TAC that leastconn and ACA do not work well with terminal server environment.
    The problem is that whenever a server goes down and comes back up, that server is not first in line for people reconnecting. I need help finding a way, once the down server comes back online, to make this server have a higher weight until its connections are about equal to what the other server loads are.
    Any help would be greatly appreciated.

    Hi,
    in my opinion balance leastconn should do the job, as it only counts the number of connections; see:
    http://www.cisco.com/en/US/customer/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a008029c621.html#wp1038118:
    balance leastconn - Least connection algorithm. This balance method chooses a running service that has the fewest number of connections.
    We do not recommend that you use UDP content rules with the balance leastconn load-balancing algorithm. The service connection counters do not increment and remain at 0 because UDP is a connectionless protocol. Because the counters remain at 0, the CSS will give inconsistent results.
    So if your terminal service is running via UDP you have a problem, but in any other case it should do the job according to the description given above.
    The balance aca will fail due to the fact that the first and keepalive is very fast and so it cannot determine the real load, which you already found out.
    Which method did you use balance aca or balance leastconn?
    Cheers,
    Joerg

  • Does 9i App Server come Bundled with Database Server

    I just want to know if 9i App server comes bundled with any Database Server.
    Thanks

    No, it doesn't.
