Read SAProuter certificate from local.pse

Similar Messages

• How to read security certificates from registry using java 1.4

  Hi All,
  I installed one Security certificate in IE browser. that certificate is UNExportable which contains private keys which are imported to use while server cuommunication.
  Now have to send that certificate for authentication to vendor server using java(J2SDK 1.4).I tried allways to do cummunication but filed due to unabalability of private key.
  Here I want to read that certificate from windows sertificate registry store which is installed from IE.
  Is there any way to read IE installed certificates using java. If so please provide me that code.
  Its very URGENT for me.....please help
  thank you
  Vinod

  while exporting the certificate the am able to export only public keys, private key option is disabled. but those private keys are very important for my communication. I should pass those private keys to vendor for authentication purpose.
  That's way am paling to read certificate from windows registry. but am new to these concepts.
  can anybody have code to read certificates from windows registry using java 1.4?

• Reading Mozilla certificates from an applet

  We have a web application that only works in Internet Explorer.
  It is a page that downloads the CAPICOM.dll and an ActiveX so we can read the Client certificates registered in Internet Explorer browser.
  But we want this web application to be accessible from Mozilla and Netscape. So in this case we think it is necessary to create an applet, and this applet might be capable of read the certificates registered in the Mozilla - Firefox - Netscape browser.
  There is a file called NSS.dll that is in charge of it for this browser. There is a Java wrapper called JSS (jss.jar file) that dialogs with it.
  But when we try in the applet something like:
  CryptoManager.initialize(dbdir);
  CryptoManager cm = CryptoManager.getInstance();
  X509Certificate[] certs = cm.getCACerts();
  there is a CheckPermission excepcion because of a loadNativeLibraries call to NSS
  How to resolve it? Is there any othe way to get the client certificate list from the Mozilla browser?
  There is another question, too:
  Witch would be the value for dbdir when calling CryptoManager.initialize(dbdir)? "secmod.db"? "key3.db"? "cert7.db"? "."? other?
  Thank you very-very-very much
  Robertico

  For accessing Native libraries from Applet here is the link
  http://www.javaworld.com/javaworld/jw-10-1998/jw-10-apptowin32.html

• Help with utl_file (read/write file from local directory)

  Need help reading/writing file on local machine from plsql using 10.2 DB.
  I am trying to read/write a file from a local directory(laptop) without success.
  I have been able to read/write to the database server directory but can't write to directory on local machine.
  The utl_file_dir parm has been set to * and the db restarted but I can't get it to work... Here's the plsql statement.
  out_file := UTL_FILE.FOPEN ( 'C:\PLSQL', 'TEST.TXT', 'W' ,32767);
  Whenever I run it continues to write to c:\PLSQL dir on the database server. Have looked at the "Directory" object and created MY_DIR = C:\PLSQL but it writes to the db server.
  Running 10.2 on a remote windows server, running PLSQL using sql*navigator.
  Thanks in advance for your help..

  I don't see how you expect the server to be able to see your laptop across the network, hack into it and start writing files. Even if it could, what if there is more than one laptop with a C: drive? How would it know which one to write to?
  Is there a shared drive on the server you can access via the laptop?

• Wrong Pin error while renewing SAprouter certificate

  Hi,
  i tried renewing Saprouter certificate from marketplace.
  while installing the certificate using the command below, we get the following error.
  E:\usr\sap\saprouter>sapgenpse import_own_cert -c srcert.txt -p local.pse
  import_own_cert: Couldn't open PSE "E:\usr\sap\saprouter\local.pse"
  ERROR in af_open: (1824/0x0720) Wrong PIN for PSE
  ERROR in secsw_open: (1824/0x0720) Wrong PIN for PSE
  ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong PIN for PSE
  Please suggest a solution for this issue. Is there any command to install the certificate by providing the PIN which we have given while generating local.PSE file.
  Thank you.

  Hi Mamta,
  Did you goted the solution as mark issue.
  If yes kindly share the solution, i am getting same issue.
  Waiting for ur reply.
  Thanks
  Santosh

• Reading excel  sheet from out side of the server though sql developer.

  Hi ALL,
  Is it possible to read the excel sheet from the out side of the oracle server.
  If it possible please send me the sample code.

  Duplicate thread.
  Reading excel  sheet from local system though sql developer
  Also a FAQ
  SQL and PL/SQL FAQ

• Is it possible to use certutil to export multiple certificates from a local client machine store, to a .p7b file?

  Is it possible to use certutil to export multiple certificates from a local client machine store, to a .p7b file?
  Scenario: We have a few legacy certificates based on some legacy templates (2012 R2). Some belong to an old SubCA (2008 R2).
  I’ve can manually export them using certmgr mmc on the local machine to a single .p7b e.g.
  cert_backupNEW.p7b. But this is not a practical solution for me and I want to achieve this remotely via certutil or some other util that comes with Windows 7 machines.
  I’ve already worked out how to run a certutil command to add the certs back into the store e.g.
  certutil.exe -addstore -f my cert_backupNEW.p7b
  Is there a way to export multiple certs to a single backup cert, or is what I’m trying to do not possible with multiple certs?
  TC

  Something like this:
  $store = New-Object Security.Cryptography.X509Certificates.X509Store "my","localmachine"
  $store.Open("ReadOnly")
  Set-Content -Path exportedcerts.pfx -Value $store.Certificates.Export("pfx","password")
  $store.Close()
  note that this command will fail, if there are certificates with non-exportable keys. You cannot export certificates with non-exportable keys.
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.

• Reading the output from a object running in the local machine.

  Reading the output from a object running in the local machine.
  By using a signed applet i am lunching a small application that returns an image object, how to read that without storing it in the hard disk.
  Which means i need to read the image object return by the local application using applet or jsp .
  i am using tomacat and an html page with an applet with it to lunch the application.

  You can write that image in a binary format using OutputStream for System.out and then read it in your applet.

• Reading files from local hard disk - Access Local Files Only

  Hi All,
  I have a local flash file published as 'Access Local Files Only', to allow me to read from local filesystem.
  What methods or classes can I use to read text and other files from the user's harddisk.
  This is the first time I am trying to do something like this, all help is grealy appreciated.
  Thanks
  Andy

  Hi, thanks for the responses
  I did some searching and found that the urlloader class is the right one for the job.
  'Access Local Files Only' option is provided for this very purpose I believe.
  If anyone has done something like this and have some sample code it would be awesome
  Cheers
  Andy

• Trusted certificates from your previous version of Adobe Reader were found.

  After upgrading Adobe Reader from 10 to 11, some users are getting "Adobe Reader Security - Trusted certificates from your previous version of Adobe Reader were found.  Would you like to import them."  I need to know what registry settings we can modify to either set this automatically to "Import" or "Use Default"  I need to add one of these options into our Adobe Reader Settings GPO that is using group policy preferences.  This only appears for users who have data in C:\Users\%username%\AppData\Roaming\Adobe\Acrobat\10.0\Security and only the very first time the user opens Adobe Reader after the upgrade per user profile on a given server.

  I'm not sure this is true: "If they don't exist then there is no dialog. " Could be, but I've never heard of it.
  However, acrodata files perform a number of functions for several features, so removing them is unwise. Also, they will just come back when a user exercizes certain features.
  Better to just turn off the feature with the supported preference.
  Ben

• Error: Validity of Certificate from list with PSE type PSE ends in 3 da

  Hello,
  our system is reporting the followin warning
  Error: Validity of Certificate from list with PSE type > PSE < ends in 1 days, more notes on system log (SM21)
  We check the transaction STRUST and STRUSTSSO2, the certificate between ERP and EP expires today. The ERP system is SAP R/3 Enterprise and EP release is 6.20
  Please how can we create the certificate in that releases of SAP ERP and EP, we only found information about this procedure in the newest releases.
  Thanks

  Hi
  Is the SAP Logon certifiacte goiogn to expire??From Portal to ERP??
  If this is PSE then follow this [Link.|http://help.sap.com/saphelp_nw2004s/helpdata/EN/a6/f19a3dc0d82453e10000000a114084/frameset.htm]
  Regards
  Ajay

• Lync 2010 Certificate Issue - "There was a problem verifying your certificate from the server"

  Greetings.
  My Issue:
  Lync 2010 client does not connect to server;error displayed "Cannot sign into Lync. There was a problem verifying the certificate from the server."
  Description:
  The client is running on my Windows 7 box, and my CA server is a Windows Server 2003 box. I have installed the hotfix on the Server 2003 box to update the Web Enrollment portion of CA to allow for newer clients (Vista and 7) to receive certificates from
  this server. 
  Lync server is running on Server 2008 R2 STD, installation was a success.
  The Windows 7 box is a part of the domain.
  I have manually exported the Root CA from my Enterprise CA server from
  Trusted Root Certification Authorities -> Certificates and imported into the same location on my Windows 7 box. 
  If I look at the certification path on the Root CA, on my Windows 7 box,  it says "The certificate is OK." The same goes for the servers involved. 
  Still nothing.
  I have read the other forum posts on here about people having success once they manually import the Root CA from the Enterprise CA server, but this is not my case here. 
  All certificates are successfully assigned on the Lync server box; however, I did have to manually import the Root CA into Lync server's
  Trusted Root Certification Authorities -> Certificates before I could successfully assign them. Had to do this on another deployment I completed, so I didn't think anything of it.
  To recap: it seems that even with my Root CA imported into my Windows 7 box I can still not connect to my Lync server with the client, and I get the error message "There was a problem verifying the certificate from the server."

  Solved
  Solution :  Export certificate from Lync Server Start > Administrative Tools > IIS > Server Certificate > Export >   abc.pfx   save it,  Copy and place the certificate where Ms Lync 2010 client is installed or getting certificate
  error.  Follow these steps on client machine to install certificate 
  Run > mmc > add or remove snap in > certificates > computer account > local computer >finish > ok > expand Certificate > Trusted Root Certification Authorities > Certificate > All task > Import > copy abc.pfx certificate
  and delete unnecessary certificate from there.
  Restart Client machine and open microsoft Lync client 2010 and open option menu > Personal > Advanced > choose Auto Configuration > save ok

• Get certificate from the browser

  Hi friends!,
  I am working with an application to get files from the client machine, to sign those files with the client's certificate and send those sign to the server.
  The application get the client's certificate from a key store, but I want the applet will get the certificate from the browser.
  Is that possible?.
  Thanks and sorry for my little english. Greetings from Venezuela.

  If all you're looking for is Client SSL Authentication, then you don't need to access the digital certificates through an applet; just enable ClientAuth on your web-server and let the browser handle it for you. While I haven't tried this with Chrome, Safari or Opera, I know for a fact that this works on Firefox and IE.
  If you're trying to access the digital certificates/keys in the browser-keystore for digitally signing some content that the applet creates, you're going to have far more difficulty. About 10-12 years ago, Netscape provided an API that allowed you to digitally sign text-content through JavaScript. That died a quiet death, I think, since I don't know of anyone who used that capability (outside of test environments).
  Years later, Mozilla added the ability to digitally sign XML content using XForms; there is even an add-on for Thunderbird (which uses the same libraries as Firefox for PKCS work): https://addons.mozilla.org/en-US/thunderbird/addon/4522/.
  However, to the best of my knowledge, the only way you can get an applet to access the borwser's keystore today is to have the security policy on the client-machine modified to provide access to the local file-system, and the applet then pretty much deals with the keystore and its objects through JCE.
  But, if I'm reading your post correctly, I think all you're looking for is SSL ClientAuth, for which you don't need to do anything other than enable it on your web-server that hosts the applets, and let the browser do the heavy lifting.
  Arshad Noor
  StrongAuth, Inc.

• Saml2 error validateArtifactRequester: certificate from client is null

  Hi,
  I got this error ArtifactResolutionService.validateArtifactRequester: certificate from client is null, authentication is failed.>
  If you see the log then you can see the handshaking between assertion and indentity works but somehow the assertion refuses the response of the identity
  assertion provider
  ####<12-sep-2009 17:30:24 uur CEST><SAML2Filter: Processing request on URI '/appB/faces/aut/restricted.jspx'>
  ####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): request URI is '/appB/faces/aut/restricted.jspx'>
  ####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): request URI is not a service URI>
  ####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): returning service type 'SPinitiator'>
  ####<12-sep-2009 17:30:24 uur CEST><SP initiating authn request: processing>
  ####<12-sep-2009 17:30:24 uur CEST><SP initiating authn request: partner id is null>
  ####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyInfo>
  ####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyStore>
  ####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyStore Checking if the Keystore file was modified>
  ####<12-sep-2009 17:30:24 uur CEST><SP initiating authn request: use partner binding HTTP/Artifact>
  ####<12-sep-2009 17:30:24 uur CEST><store saml object org.opensaml.saml2.core.impl.AuthnRequestImpl@168c85b, BASE64 encoded artifact is AAQAAMRtlWqk3m9VqV3ySu7qjJcGo08PSwH/NaPWjnhgmqYEpXMWX2STBHg=>
  ####<12-sep-2009 17:30:24 uur CEST><post artifact: false>
  ####<12-sep-2009 17:30:24 uur CEST><local ARS binding location: http://laptopedwin.wh.lan:8001/saml2/idp/sso/artifact>
  ####<12-sep-2009 17:30:24 uur CEST><post form template url: null>
  ####<12-sep-2009 17:30:24 uur CEST><URL encoded artifact: AAQAAMRtlWqk3m9VqV3ySu7qjJcGo08PSwH%2FNaPWjnhgmqYEpXMWX2STBHg%3D>
  ####<12-sep-2009 17:30:24 uur CEST><URL encoded relay state: null>
  ####<12-sep-2009 17:30:24 uur CEST><artifact is sent in http url:http://laptopedwin.wh.lan:8001/saml2/idp/sso/artifact?SAMLart=AAQAAMRtlWqk3m9VqV3ySu7qjJcGo08PSwH%2FNaPWjnhgmqYEpXMWX2STBHg%3D>
  ####<12-sep-2009 17:30:24 uur CEST><SAML2Servlet: Processing request on URI '/saml2/sp/ars/soap'>
  ####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): request URI is '/saml2/sp/ars/soap'>
  ####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): service URI is '/sp/ars/soap'>
  ####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): returning service type 'ARS'>
  ####<12-sep-2009 17:30:24 uur CEST><ArtifactResolutionService.process: get SoapHttpBindingReceiver as receiver and SoapHttpBindingSender as sender.>
  ####<12-sep-2009 17:30:24 uur CEST><ArtifactResolutionService.validateArtifactRequester: certificate from client is null, authentication is failed.>
  ####<12-sep-2009 17:30:24 uur CEST> <Warning> <Security> <LAPTOPEDWIN> <DefaultServer> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1252769424812> <BEA-000000> <[Security:096565]Artifact requester authentication failed.>
  ####<12-sep-2009 17:30:24 uur CEST><SoapHttpBindingSender.sendResponse: Set HTTP headers to prevent HTTP proxies cache SAML protocol messages.>
  ####<12-sep-2009 17:30:24 uur CEST><SoapHttpBindingSender.send: the SOAP envelope to be sent is :
  >
  ####<12-sep-2009 17:30:24 uur CEST> <<?xml version="1.0" encoding="UTF-8"?><soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/"><soap11:Body><samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_0xf34d9596cf9f8d37715fdf3529266b40" InResponseTo="_0xe219b059e77568bc835736caa94d6855" IssueInstant="2009-09-12T15:30:24.812Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">jdev_wls</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/><samlp:StatusMessage>[Security:096565]Artifact requester authentication failed.</samlp:StatusMessage></samlp:Status></samlp:ArtifactResponse></soap11:Body></soap11:Envelope>>
  ####<12-sep-2009 17:35:24 uur CEST> <authn_request - item: _0x9061f430c89cd074398250c710c83045 expired.>
  identity provider
  ####<12-sep-2009 17:30:24 uur CEST><SAML2Servlet: Initialized logger service>
  ####<12-sep-2009 17:30:24 uur CEST><SAML2Servlet: Initialized SAML2 service>
  ####<12-sep-2009 17:30:24 uur CEST><SAML2Servlet: setConfigKey called with key 'default'>
  ####<12-sep-2009 17:30:24 uur CEST><SAML2Servlet: Processing request on URI '/saml2/idp/sso/artifact'>
  ####<12-sep-2009 17:30:24 uur CEST><Redirect URI cache updated.>
  ####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyInfo>
  ####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyStore>
  ####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyStore Checking if the Keystore file was modified>
  ####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): request URI is '/saml2/idp/sso/artifact'>
  ####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): service URI is '/idp/sso/artifact'>
  ####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): returning service type 'SSO'>
  ####<12-sep-2009 17:30:24 uur CEST><Request URI: /saml2/idp/sso/artifact>
  ####<12-sep-2009 17:30:24 uur CEST><Method: GET>
  ####<12-sep-2009 17:30:24 uur CEST><Query string: SAMLart=AAQAAMRtlWqk3m9VqV3ySu7qjJcGo08PSwH%2FNaPWjnhgmqYEpXMWX2STBHg%3D>
  ####<12-sep-2009 17:30:24 uur CEST><     Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*>
  ####<12-sep-2009 17:30:24 uur CEST><     Referer: http://127.0.0.1:7101/appB/faces/appBStart.jspx;jsessionid=TtbvKr5Myy7hC5y2j9YVZMLp2dxvYlGP3nV8KnJPtnB5svv4cnDL!-453074333?_adf.ctrl-state=m6b65gdxq_4>
  ####<12-sep-2009 17:30:24 uur CEST><     Accept-Language: nl>
  ####<12-sep-2009 17:30:24 uur CEST><     User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)>
  ####<12-sep-2009 17:30:24 uur CEST><     Host: laptopedwin.wh.lan:8001>
  ####<12-sep-2009 17:30:24 uur CEST><     Accept-Encoding: gzip, deflate>
  ####<12-sep-2009 17:30:24 uur CEST><     Connection: Keep-Alive>
  ####<12-sep-2009 17:30:24 uur CEST><     Cache-Control: no-cache>
  ####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyInfo>
  ####<12-sep-2009 17:30:24 uur CEST><ssl client key:Sun RSA private CRT key, 1024 bits
  modulus: 135256530343776309493378499238723474761809537383354856443783031405724842963590896515127253614442774833330163469306346998433606124817086312759138932710087080464501074410925139095622741276531270633324573257815772267862467588496928149465417098076218732040047455958122894583653703895415828491462423303970267662119
  public exponent: 65537
  private exponent: 70314326087743699962454879977162652930937500017561071746336998641882377889887267410323718367396514008446506086626901479113065301623787031382331559843030136237857866934906267741351110674239213829006129063775109788707087302538026535943257466578949319062480441789214176315827916248430287133081293921721804088033
  prime p: 11974625102832097583118096114610793613205242504983701060834332690026001982375077665162762308523793650653350947197100038932023730202787298553029195261347327
  prime q: 11295262205059515784067784104204404656057034968759802138195417174670025481580489505249455835611140503620524999898446032906677280702668039750528726228078297
  prime exponent p: 10636051419212951957075964614303506523311875298802298281157626077164099690190818102244374273181234298154969131746805474255337189050985724645168110919912251
  prime exponent q: 9180707495599589343206474566470241653094376286920321960074362300079694178141042692915879784722129977674567430529173188898986608915112396683265394948155617
  crt coefficient: 3999529359604887198322520465212803445668432210961019729502103914530388247742016641237995952808703712482862506414062073383339683451433625683775233168415551, ssl client cert chain:[Ljava.security.cert.Certificate;@767c0d>
  ####<12-sep-2009 17:30:24 uur CEST><get BASE64 encoded artifact from http request, value is:AAQAAMRtlWqk3m9VqV3ySu7qjJcGo08PSwH/NaPWjnhgmqYEpXMWX2STBHg=>
  ####<12-sep-2009 17:30:24 uur CEST><ArtifactResolver: sha-1 hash value of remote partner id is '0xc46d956aa4de6f55a95df24aeeea8c9706a34f0f'>
  ####<12-sep-2009 17:30:24 uur CEST><ArtifactResolver: found remote partner 'jdev' with entity ID 'jdev_wls'>
  ####<12-sep-2009 17:30:24 uur CEST><ArtifactResolver: returning partner: [email protected]779>
  ####<12-sep-2009 17:30:24 uur CEST><partner entityid isjdev_wls, end point index is:0>
  ####<12-sep-2009 17:30:24 uur CEST><find end point:[email protected]2a7, binding location is:http://laptopedwin.wh.lan:7101/saml2/sp/ars/soap>
  ####<12-sep-2009 17:30:24 uur CEST><<?xml version="1.0" encoding="UTF-8"?><samlp:ArtifactResolve xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_0xe219b059e77568bc835736caa94d6855" IssueInstant="2009-09-12T15:30:24.671Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">soa</saml:Issuer><samlp:Artifact>AAQAAMRtlWqk3m9VqV3ySu7qjJcGo08PSwH/NaPWjnhgmqYEpXMWX2STBHg=</samlp:Artifact></samlp:ArtifactResolve>>
  ####<12-sep-2009 17:30:24 uur CEST><open connection to send samlp:ArtifactResolve. partner id:jdev_wls, endpoint url:http://laptopedwin.wh.lan:7101/saml2/sp/ars/soap>
  ####<12-sep-2009 17:30:24 uur CEST><isClientPasswordSet:false>
  ####<12-sep-2009 17:30:24 uur CEST><connect to remote ARS.>
  ####<12-sep-2009 17:30:24 uur CEST><SoapSynchronousBindingClient.sendAndReceive: begin to send SAMLObject to server.>
  ####<12-sep-2009 17:30:24 uur CEST><SoapSynchronousBindingClient.sendAndReceive: sending completed, now waiting for server response.>
  ####<12-sep-2009 17:30:24 uur CEST><SoapSynchronousBindingClient.sendAndReceive: response code from server is: 200>
  ####<12-sep-2009 17:30:24 uur CEST><SoapSynchronousBindingClient.sendAndReceive: get a HTTP_OK response, now receive a SOAP envelope message.>
  ####<12-sep-2009 17:30:24 uur CEST><SoapSynchronousBindingClient.sendAndReceive: found XMLObject in envelope, return it.>
  ####<12-sep-2009 17:30:24 uur CEST><http url connection disconnect.>
  ####<12-sep-2009 17:30:24 uur CEST><<?xml version="1.0" encoding="UTF-8"?><samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_0xf34d9596cf9f8d37715fdf3529266b40" InResponseTo="_0xe219b059e77568bc835736caa94d6855" IssueInstant="2009-09-12T15:30:24.812Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">jdev_wls</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/><samlp:StatusMessage>[Security:096565]Artifact requester authentication failed.</samlp:StatusMessage></samlp:Status></samlp:ArtifactResponse>>
  ####<12-sep-2009 17:30:24 uur CEST><get samlp:ArtifactResponse and verify it.>
  ####<12-sep-2009 17:30:24 uur CEST><saml version:2.0>
  ####<12-sep-2009 17:30:24 uur CEST><inResponseTo:_0xe219b059e77568bc835736caa94d6855>
  ####<12-sep-2009 17:30:24 uur CEST><status code: urn:oasis:names:tc:SAML:2.0:status:Success>
  ####<12-sep-2009 17:30:24 uur CEST><status message: [Security:096565]Artifact requester authentication failed.>
  ####<12-sep-2009 17:30:24 uur CEST><[Security:096577]Failed to receive AuthnRequest document from the requester.>
  ####<12-sep-2009 17:30:24 uur CEST><Caused by: [Security:096502]There is no saml message in returned samlp:ArtifactResponse.>
  ####<12-sep-2009 17:30:24 uur CEST><exception info
  com.bea.security.saml2.service.SAML2Exception: [Security:096577]Failed to receive AuthnRequest document from the requester.
       at com.bea.security.saml2.service.sso.SSOServiceProcessor.receive(SSOServiceProcessor.java:301)
       at com.bea.security.saml2.service.sso.SSOServiceProcessor.processAuthnRequest(SSOServiceProcessor.java:118)
       at com.bea.security.saml2.service.sso.SSOServiceProcessor.process(SSOServiceProcessor.java:100)
       at com.bea.security.saml2.service.sso.SingleSignOnServiceImpl.process(SingleSignOnServiceImpl.java:50)
       at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:27)
       at $Proxy26.process(Unknown Source)
       at com.bea.security.saml2.servlet.SAML2Servlet.service(SAML2Servlet.java:34)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3590)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  com.bea.security.saml2.binding.BindingHandlerException: [Security:096502]There is no saml message in returned samlp:ArtifactResponse.
       at com.bea.security.saml2.artifact.impl.AbstractArtifactResolver.getSamlMsg(AbstractArtifactResolver.java:459)
       at com.bea.security.saml2.artifact.impl.AbstractArtifactResolver.resolve(AbstractArtifactResolver.java:304)
       at com.bea.security.saml2.binding.impl.ArtifactBindingReceiver.resolve(ArtifactBindingReceiver.java:77)
       at com.bea.security.saml2.binding.impl.ArtifactBindingReceiver.receiveRequest(ArtifactBindingReceiver.java:40)
       at com.bea.security.saml2.service.sso.SSOServiceProcessor.receive(SSOServiceProcessor.java:295)
       at com.bea.security.saml2.service.sso.SSOServiceProcessor.processAuthnRequest(SSOServiceProcessor.java:118)
       at com.bea.security.saml2.service.sso.SSOServiceProcessor.process(SSOServiceProcessor.java:100)
       at com.bea.security.saml2.service.sso.SingleSignOnServiceImpl.process(SingleSignOnServiceImpl.java:50)
       at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:27)
       at $Proxy26.process(Unknown Source)
       at com.bea.security.saml2.servlet.SAML2Servlet.service(SAML2Servlet.java:34)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3590)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  >

  Tony,
  Refer SAP Note: 730870. Q16.
  Fyr from SAP Note:
  Q 16: While sending a message to the RfcAdapter the error "... functiontemplate from repository was <null>" is shown. Which reasons are possible?
                A: After receiving a message from the Adapter Engine, the RfcAdapter extracts the payload from the message. Normally this should be an XML document in the RFC-XML format. In this format the root element of the XML document represents the name of the function module and is enclosed in the fixed RFC namespace 'urn:sap-com:document:sap:rfc:functions'. But this only will be checked at a later point, when the conversion from XML to native RFC is done. As prerequisite of this conversion the structures and types of the function module parameters has to be known. This is also called metadata or function template. To get this function template the name of the function module is extracted from the root element of the XML document and is queried against the metadata repository of the communication channel. If the metadata repository doesn't have a function module with this name, the exception named above is thrown. Possible reasons are
  The XML document, which was send to the RfcAdapter, is not a RFC-XML document. So the root element name of this document is not the name of a function module and thus can't be found in the metadata repository.
  The metadata repository doesn't contain an entry for this function module name. Normally the metadata repository will be an R/3 system and it's function module repository can be searched with transaction code SE37.
  raj.

• How to request certificate from a non-domain computer

  We using a Windows Server 2008 R2 Enterprise CA to issuing webserver-certificates (SSL). The CA-Server is a member of a AD-Domain and online. Now we want to request certificates from computers like Windows Server 2008 R2 or Linux Server which aren't member
  of the domain.
  How we can request certificates automatically with a script remote from these Windows Servers, for example ? Is it possible to use  the "Certificate Enrollment Web Service" without the "Certificate Enrollment Policy Web Service" ?
  Is it possible to use certreq in this scenario ?
  Thanks for your help.

  Now I have found a solution. Shortly I want describe the way:
  Prerequirements:
  1. ADCS Enterprise Certification Authority is installed
  2. ADCS Certificate Enrollment Web Service is installed on a server
  3. ADCS Certificate Enrollment Policy Web Service is installed on an other server
  Steps to do:
  1. Prepare a request-file for a certificate
  2. On a computer which is not a member of the Domain/Forest of the CA-Service: submit the request to the CA and receive the issued certificate. The following command have to written in one line without line breaks.
    certreq -submit
      -Username {domain}\{username}
      -p {password}
      -PolicyServer "https://{FQDN CertificateEnrollmentPolicyWebService-Server/-Alias}/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP"
      -config "https://{FQDN CertificateEnrollentWebService-Server/-Alias}/{CAName}_CES_UsernamePassword/service.svc/CES"
      -attrib "CertificateTemplate:{TemplateName}"
      {Enter Path and Name of the Request-File}
      {Choose Path and Filename for certificate}
     Sample:
     certreq -submit
          -Username contoso\Serviceaccount
          -p P@ssw0rd
          -PolicyServer "https://CAPolicyEnroll.contoso.com/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP"
          -config "https://CAWebEnroll.contoso.com/IssuingCA1_CES_UsernamePassword/service.svc/CES"
          -attrib "CertificateTemplate:MyOwnSSLTemplate"
          request.req
          sslcert.cer
  3. Now you can find a file with your requested certificate locally in path you have choosen for the certificate-file.
  I hope this will be helpful for other people enrolling certificates on non-domain member computers.