Redirect from client provision to origin url

hello
Does anyone know if there is a way to redirect a user to home page from client provision portal?
we using wired solution.
the client PC have web browser automatically opens to home page when employees log in. and since we have posture configured to check the antivirus, the web browser be redirected to client provision portal. we would like to have the user redirected to the corporate home page after successfully NAC agent check.

We finally used our custom login module to solve this.

Similar Messages

Page Not Found Redirect Needs to include the original URL

See title. The apology rings hollow if you hide what it is that you won't resolve.
For example, what possible use does this give anyone?
http://social.technet.microsoft.com/Forums/error/notfound#c0f755e7-3bcf-4dc1-806e-13b977df7e98
In fact, it is a consequence of broken branding:
http://social.technet.microsoft.com/Forums/mvpforum/en-US/58cd4168-be4c-4a04-a172-d173e2655b4f/quotyour-pc-ran-into-a-problem-and-needs-to-restartquot-message-repeating-restart-problem#c0f755e7-3bcf-4dc1-806e-13b977df7e98
I.e. I was using the MVPForums as a starting point to look at My Threads, found one which was too big to open in a preview (201 posts) and middle-clicked on the Last Reply link, intending to look at it later (since I have Middle-click set up to open
new background tabs which can load while I go and do something else.) So coming back to a tab with no more context than a fragment for a Message-ID of an unknown thread is almost totally useless and requires me to go back and try to figure out what I
had done to generate that.
I even tried using View Source to try to find MVP in it, in case the URL would be embedded as a comment instead of as a link but no such luck. It really is a useless, very irritating diagnostic, made even more irritating by the very hollow "we're
sorry" years after this usability defect has been complained about.
BTW to add to my irritation over this there was also a horrible search experience, knowing that there were some current relevant threads in this forum but not being able to find them, using either the pathetic "relevance" filter which finds
ones that are too old or the OR-implied but non-Boolean-expression date filters which show nothing relevant.
Robert Aldwinckle

what's the value of including the URL of the page that you can't access?
So I could edit out the broken branding in the Address bar of a tab long after it was put there. That way if I miss the clue in the tab label that my launch didn't work I don't need to retrace my steps to try to figure out why it was there.
I was going to give you a more detailed example using a different thread and then thought I could do it with exactly this message. In addition I thought I would find out if there were any problems caused by branding when posting.
So, here is where Last Reply should go and therefore what should appear in my Address bar if I chose to open it in a new tab:
http://social.microsoft.com/Forums/mvpforum/en-US/2d07727b-7909-49d1-8f51-8f018ecdf3bb/page-not-found-redirect-needs-to-include-the-original-url?forum=reportabug#6f40fae0-3fb1-4ef0-96dc-f12f423b28fa
Using Middleclick on it made me think it had worked. E.g. the Tab label started out "Page Not Fou..." In fact, it did work but not for an example of what I wanted to demonstrate. That link can be branded when opened in its own
tab.
So, here is the one which gave me the idea that you might need an example.
Right-click, Copy Shortcut from a Last Reply link from a TechNet item in My Threads:
http://social.technet.microsoft.com/Forums/mvpforum/en-US/a4a7cc99-a49a-42a8-b2af-aff748623c34/windows-8-does-not-go-to-sleep-how-to-identify-the-deviceapp-preventing-sleep?forum=w8itprogeneral#30d98549-b381-4f69-ad09-6de25cd79316
Notice the mvpforum branding in the link? That is all that needs to be erased. Notice the GUID for the thread? Leaving me that at least could be useful. Instead, here is what "Page Not Fou..."s Address bar contains:
http://social.technet.microsoft.com/Forums/error/notfound#30d98549-b381-4f69-ad09-6de25cd79316
Useless--unless you can give me a search for
Msgid(30d98549-b381-4f69-ad09-6de25cd79316)
that can reliably find that thread.
Robert Aldwinckle

Cisco ISE (1.3) Posture without Client Provisioning

Hello readers,
Is it possible to set up Cisco ISE with posture without Client Provisioning?
My customer deploys the NAC Agent via MS SCCM. We prefer a access accept + DACL during the pending state instead of redirecting to client provisioning. But the NAC Agent will only communicate when we redirect to client provisioning.
Regards,
Dennis

With ISE you can perform 802.1x first and after that optionally you can perform posture. This is done with Radius, that's why it's really and completely out of band, and there's no such concept of trusted or untrusted port because the traffic is never inline.
Still, with ISE you have another option of "inline Posture", in which there's trusted and untrusted ports. I guess that's for some specific cases in which you can't go out-of-band.
On the other hand, so called "out-of-band" NAC was really always an inline solution, only after the user has authenticated and security policies have been verified then the user goes "out-of-band".

ISE no redirect to origin URL after guest login

Hi, is there a possibility to redirect a guest user to the origin URL after he logged in successfully?
Right now the attached file is what the user sees after login.
Thanks!

The first method is local web authentication. In this case, the WLC redirects the HTTP traffic to an internal or external server where the user is prompted to authenticate. The WLC then fetches the credentials (sent back via an HTTP GET request in the case of an external server) and makes a RADIUS authentication. In the case of a guest user, an external server (such as Identity Services Engine (ISE) or NAC Guest Server (NGS)) is required because the portal provides features such as device registering and self-provisioning. The flow includes these steps:
The user associates to the web authentication Service Set Identifier (SSID).
The user opens the browser.
The WLC redirects to the guest portal (such as ISE or NGS) as soon as a URL is entered.
The user authenticates on the portal.
The guest portal redirects back to the WLC with the credentials entered.
The WLC authenticates the guest user via RADIUS.
The WLC redirects back to the original URL.
This flow includes several redirections. The new approach is to use central web authentication. This method works with ISE (versions later than 1.1) and WLC (versions later than 7.2). The flow includes these steps:
The user associates to the web authentication SSID, which is in fact open+macfiltering and no layer 3 security.
The user opens the browser.
The WLC redirects to the guest portal.
The user authenticates on the portal.
The ISE sends a RADIUS Change of Authorization (CoA - UDP Port 1700) to indicate to the controller that the user is valid, and eventually pushes RADIUS attributes such as the Access Control List (ACL).
The user is prompted to retry the original URL.

Getting URL redirects from Google's "I'm Feeling Lucky" Search

Hello all! I'm working on my final project for my intermediate programming class but I've hit a bit of a snag. This project is a "do whatever interests you, as long as it incoporates what we've learned this semester" type of project. (My personal favorite type of programming project!) I have a significant amount of code already complete, but here's my problem:
To put it simply, my program:
1) Takes a list of movie names
2) Gets the movie poster from Wikipedia
3) Saves the poster images to a folder
4) Creates an HTML file, so I can see a visual representation of every movie on the list (btw, how do you like my idea?).
I'm using (what I think to be) a very clever system of searching with Google's "I'm Feeling Lucky" search (using detailed search terms such as "air+force+one+movie+wikipedia" that will, more than likely, always take me to the right page (if it exists))...
Basically, my getPic(String url) method is now throwing an exception when I try to search the page that Google redirects me to, and I'm guessing it might be because the code is trying to search the "I'm Feeling Lucky" redirect page, instead of the page it is supposed to redirect to.
I get the following error:
10000 BC
A connection to http://www.google.com/search?btnI=1&q=10000+bc+movie+wiki could not be established.
java.io.IOException: Server returned HTTP response code: 403 for URL: http://www.google.com/search?btnI=1&q=10000+bc+movie+wiki
     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
     at java.net.URL.openStream(Unknown Source)
     at GetWikiPiki.getPic(GetWikiPiki.java:44)
     at MovieList.makeMovieList(MovieList.java:109)
     at MakeMovieList.main(MakeMovieList.java:13)(Etc, with all the movies giving the same exception.)
If my guess is correct, could someone please inform me on how to either:
a) Follow the redirection from Google to the Wikipedia page or
b) Obtain the URL which the Google search will redirect me to.
Preferably b, so I can program it not to need to recreate each movie search every time the program runs.
Or if you have another idea of what it could be, please feel free to make suggestions.
Thanks a lot,
Derek

When I tried printing the source of, for example, http://www.google.com/search?btnI=1&q=10000+bc+movie+wiki it gave me the source code to the Wikipedia 10,000 BC page with no errors at all.
Does this mean that it could be something wrong in my code and not Google?
Here is the code I'm using in the particular section that throws an exception:
      * Gets the image address of a movie poster from Wikipedia via
      * parsing the passed-in URL.
      * @param url The website address (URL) of a Wikipedia article containing a movie poster.
      * @return The first occurrence, in "picture_name.jpg" format, of an
      * image whose address contains "http://" and ".jpg".
public String getPic(String url) {
          try {
               URL connection = new URL(url);
               InputStream in = connection.openStream();
               Scanner console = new Scanner(in);
               while(console.hasNext()) {
                    String temp = console.next();
                    if(temp.contains("http://") && temp.contains(".jpg")) {
                         String temp2 = temp.replace("src", "").replace("=", "").replace("\"", "");
                         return temp2;
          catch(IOException e) {
          System.out.println("A connection to " + url + " could not be established.");
          e.printStackTrace();
          return null;
     }{code}
Edited by: NovellTerminator on Apr 8, 2009 2:36 AM
Edited by: NovellTerminator on Apr 8, 2009 2:40 AM (Included JavaDoc)

Is it possible to trace back from a malware- infected cache item to the originating url?

Is it possible to trace back from a malware- infected cache item to the originating url?

Hi Sree,
Code for Setting the response of Notification:
PROCEDURE sr_response (
p_sr_doc_number IN VARCHAR2,
p_result IN VARCHAR2,
p_message OUT VARCHAR2
AS
v_notification_id NUMBER;
BEGIN
SELECT notification_id
INTO v_notification_id
FROM wf_notifications
WHERE MESSAGE_TYPE = 'XXEGASR1'
AND message_name = 'SR_REQ_APPROVE'
AND status = 'OPEN'
AND item_key LIKE TO_CHAR (p_sr_doc_number) || '%';
wf_notification.setattrtext (v_notification_id, 'RESULT', p_result);
wf_notification.respond (v_notification_id);
p_message := 'Shipment request has been approved';
EXCEPTION
WHEN NO_DATA_FOUND
THEN
p_message := 'Failed to approve notification';
END sr_response;
From OAF in Eventhandller of Submit/Rejact button you can call like this:
String sql = "BEGIN xxega_sr_notf_pkg.invoke_wf (:1); END;";
OracleCallableStatement cs = (OracleCallableStatement)am.getOADBTransaction().createCallableStatement(sql,1);
               try
               cs.setString(1,srNo);
               cs.execute();
               cs.close();
               catch (Exception ex)
               System.out.println("ex.toString()"+ex.getCause());
               throw new OAException(ex.getMessage().subSequence(10,96).toString(),OAException.ERROR);
Hope this will help.
Regards,
Reetesh Sharma

ISE 1.2 device registration with MAB only, no client provisioning

Hello,
Is it possible for AD users (no guest users) to walk through the Device Registration Self Registration without Client Provisioning ?
I do not want to push certificates or native supplicant profiles to client devices.
I would just want AD users to register their MAC address, if MAC is not known. Add the MAC to some sort of group.
Then if MAC is known (in this group), skip registration and allow full access to the VLAN.
Right now, i am stuck on the registration portal that says "The system adminstrator has either nog configured or enabled a policy for your device". ?? It is true that my Client Provisioning screen is empty.
Am i really obliged to use native supplicant provisioning to register my device ?
GN

Hi
Device Registration web auth is a process where you can configure user without client provisioning.
In this scenario, the guest user connects to the network with a wireless connection that sends an initial MAB request to the Cisco ISE node. If the user’s MAC address is not in the endpoint identity store or is not marked with an AUP accepted attribute set to true, ISE responds with a URL redirection authorization profile. The URL redirection presents the user with an AUP acceptance page when the user attempts to go to any URL.
1. A guest user connects to the network using a wireless connection and has a MAC address that is not in the endpoint identity store or is not marked with an AUP accepted attribute set to true, and receives a URL redirection authorization profile. The URL redirection presents the user with a AUP acceptance page when the guest user attempts to go to any URL.
2. If the guest user accepts the AUP, their MAC address is registered as a new endpoint in the endpoint identity store (assuming the endpoint does not already exist). The new endpoint is marked with an AUP accepted attribute set to true, to track the user’s acceptance of the AUP. An administrator can then assign an endpoint identity group to the endpoint, making a selection from the Guest Management Multi-Portal Configurations page.
3. If the guest’s endpoint already exists in the endpoint identity store, the AUP accepted attribute is set to true on the existing endpoint. The endpoint’s identity group is then automatically changed to the value selected in the Guest Management Multi-Portal Configurations page.
4. If the user does not accept the AUP or an error occurs in the creation of the endpoint, an error page appears.
5. After the endpoint is created or updated, a success page appears, followed by a CoA termination being sent to the NAD/WLC.
6. After the CoA, the NAD/WLC reauthenticates the user’s connection with a new MAB request. The new authentication finds the endpoint with its associated endpoint identity group, and returns the configured access to the NAD/WLC.

ISE 1.2 Client Provisioning Page Customization

Hi All,
Is it possible to customize Client Provisioning Page. We are using ISE version1.2
I could see from switch port authentication sesssion that it is being redirected to guest portal with session ID.
however on the host machine itself it gets redirected to a different URL.
Regards
Sameer

please have a look on Configuring Client Provisioning guide:
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_client_prov.html#wp1347894

Client provisioning exception for guest flow - bug?

hi all,
I encounterd one problem with guest flow and client provisioning.
Please if someone could confirm that this can or can't be done
I want to accomplish such a scenario:
- AD user have to download the full nac agent
- AD user from specific group when using webauthentication (as a fallback) doesn't need to downlaod webagent (so no posture at all - the default status is compliant)
- all guest users need to download webagent
It seems that it can't be done cause:
First of all to make it work we need to enable "guest users should download the posture client"
I created the "client provisioning policy" in a way that:
If it is AD user and its not a guest flow (2) then NAC agent should be applied
If it is a guest user webagent should be downloaded
It works with an exception that when AD user logs in using webauthentication (guest portal), no download page is displayed (as expected) but instead of normal access there is a blank page with the following URL
https://ise-nfr.sevenetdemo.local:8443/auth/CppSetup.action
so it seems that even though there is no match in "client Provisioing Policy" (again, as expected) ISE still tries to redirect to the cpp portal as this checkbox in multiportal configuration says so.
As a result no CoA is initiated to the switch and switch authentication hangs on the last default policy - CWA_POSTURE_REMEDIATION
Is it possible to do it?
regards
Przemek

Please review the below links which might be helpful:
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/ac04namconfig.html
http://www.cisco.com/en/US/docs/security/ise/1.0.4/user_guide/ise10_client_prov.pdf

Client provisioning not working on ISE after 1.2 Migration

Working on an initial piloted roleout of ISE with a customer. We initially had a single server setup as a pilot using 1.1.1.4 to pilot things like client supplicant provision, and then stood up a new VM as a secondary and upgraded that to 1.2. Today we tested client provisioning that work fine before, and it is failing for iOS (we haven't gotten to the other OS'es yet). What occurs is the user authenticates using PEAP and the client gets the request to install the root certificate. After this the client accepts the root certificate the connection drops. When you click the SSID to start the process again we see the redirect to the mydevices portal, but before you can click to register the client it redirected to accept the root certificate again, creating an endless loop. Has anyone else run into this bug?

Please update the patch useing the below details and try it.
To upload offline client provisioning resources, complete the following steps:
Step 1 Go to the Download Software web page at http://www.cisco.com/cisco/software/navigator.html?a=a&i=rpm. You may need to provide login credentials.
Step 2 Navigate to Products > Security > Access Control and Policy > Cisco Identity Services Engine > Cisco Identity Services Engine Software.
Choose from the following Off-Line Installation Packages available for download:
•win_spw--isebundle.zip— Off-Line SPW Installation Package for Windows
•mac-spw-.zip — Off-Line SPW Installation Package for Mac OS X
•compliancemodule--isebundle.zip — Off-Line Compliance Module Installation Package
•macagent--isebundle.zip — Off-Line Mac Agent Installation Package
•nacagent--isebundle.zip — Off-Line NAC Agent Installation Package
•webagent--isebundle.zip — Off-Line Web Agent Installation Package
Step 3 Click Download or Add to Cart.

Saml2 error validateArtifactRequester: certificate from client is null

Hi,
I got this error ArtifactResolutionService.validateArtifactRequester: certificate from client is null, authentication is failed.>
If you see the log then you can see the handshaking between assertion and indentity works but somehow the assertion refuses the response of the identity
assertion provider
####<12-sep-2009 17:30:24 uur CEST><SAML2Filter: Processing request on URI '/appB/faces/aut/restricted.jspx'>
####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): request URI is '/appB/faces/aut/restricted.jspx'>
####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): request URI is not a service URI>
####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): returning service type 'SPinitiator'>
####<12-sep-2009 17:30:24 uur CEST><SP initiating authn request: processing>
####<12-sep-2009 17:30:24 uur CEST><SP initiating authn request: partner id is null>
####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyInfo>
####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyStore>
####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyStore Checking if the Keystore file was modified>
####<12-sep-2009 17:30:24 uur CEST><SP initiating authn request: use partner binding HTTP/Artifact>
####<12-sep-2009 17:30:24 uur CEST><store saml object org.opensaml.saml2.core.impl.AuthnRequestImpl@168c85b, BASE64 encoded artifact is AAQAAMRtlWqk3m9VqV3ySu7qjJcGo08PSwH/NaPWjnhgmqYEpXMWX2STBHg=>
####<12-sep-2009 17:30:24 uur CEST><post artifact: false>
####<12-sep-2009 17:30:24 uur CEST><local ARS binding location: http://laptopedwin.wh.lan:8001/saml2/idp/sso/artifact>
####<12-sep-2009 17:30:24 uur CEST><post form template url: null>
####<12-sep-2009 17:30:24 uur CEST><URL encoded artifact: AAQAAMRtlWqk3m9VqV3ySu7qjJcGo08PSwH%2FNaPWjnhgmqYEpXMWX2STBHg%3D>
####<12-sep-2009 17:30:24 uur CEST><URL encoded relay state: null>
####<12-sep-2009 17:30:24 uur CEST><artifact is sent in http url:http://laptopedwin.wh.lan:8001/saml2/idp/sso/artifact?SAMLart=AAQAAMRtlWqk3m9VqV3ySu7qjJcGo08PSwH%2FNaPWjnhgmqYEpXMWX2STBHg%3D>
####<12-sep-2009 17:30:24 uur CEST><SAML2Servlet: Processing request on URI '/saml2/sp/ars/soap'>
####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): request URI is '/saml2/sp/ars/soap'>
####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): service URI is '/sp/ars/soap'>
####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): returning service type 'ARS'>
####<12-sep-2009 17:30:24 uur CEST><ArtifactResolutionService.process: get SoapHttpBindingReceiver as receiver and SoapHttpBindingSender as sender.>
####<12-sep-2009 17:30:24 uur CEST><ArtifactResolutionService.validateArtifactRequester: certificate from client is null, authentication is failed.>
####<12-sep-2009 17:30:24 uur CEST> <Warning> <Security> <LAPTOPEDWIN> <DefaultServer> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1252769424812> <BEA-000000> <[Security:096565]Artifact requester authentication failed.>
####<12-sep-2009 17:30:24 uur CEST><SoapHttpBindingSender.sendResponse: Set HTTP headers to prevent HTTP proxies cache SAML protocol messages.>
####<12-sep-2009 17:30:24 uur CEST><SoapHttpBindingSender.send: the SOAP envelope to be sent is :
>
####<12-sep-2009 17:30:24 uur CEST> <<?xml version="1.0" encoding="UTF-8"?><soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/"><soap11:Body><samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_0xf34d9596cf9f8d37715fdf3529266b40" InResponseTo="_0xe219b059e77568bc835736caa94d6855" IssueInstant="2009-09-12T15:30:24.812Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">jdev_wls</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/><samlp:StatusMessage>[Security:096565]Artifact requester authentication failed.</samlp:StatusMessage></samlp:Status></samlp:ArtifactResponse></soap11:Body></soap11:Envelope>>
####<12-sep-2009 17:35:24 uur CEST> <authn_request - item: _0x9061f430c89cd074398250c710c83045 expired.>
identity provider
####<12-sep-2009 17:30:24 uur CEST><SAML2Servlet: Initialized logger service>
####<12-sep-2009 17:30:24 uur CEST><SAML2Servlet: Initialized SAML2 service>
####<12-sep-2009 17:30:24 uur CEST><SAML2Servlet: setConfigKey called with key 'default'>
####<12-sep-2009 17:30:24 uur CEST><SAML2Servlet: Processing request on URI '/saml2/idp/sso/artifact'>
####<12-sep-2009 17:30:24 uur CEST><Redirect URI cache updated.>
####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyInfo>
####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyStore>
####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyStore Checking if the Keystore file was modified>
####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): request URI is '/saml2/idp/sso/artifact'>
####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): service URI is '/idp/sso/artifact'>
####<12-sep-2009 17:30:24 uur CEST><getServiceTypeFromURI(): returning service type 'SSO'>
####<12-sep-2009 17:30:24 uur CEST><Request URI: /saml2/idp/sso/artifact>
####<12-sep-2009 17:30:24 uur CEST><Method: GET>
####<12-sep-2009 17:30:24 uur CEST><Query string: SAMLart=AAQAAMRtlWqk3m9VqV3ySu7qjJcGo08PSwH%2FNaPWjnhgmqYEpXMWX2STBHg%3D>
####<12-sep-2009 17:30:24 uur CEST><     Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*>
####<12-sep-2009 17:30:24 uur CEST><     Referer: http://127.0.0.1:7101/appB/faces/appBStart.jspx;jsessionid=TtbvKr5Myy7hC5y2j9YVZMLp2dxvYlGP3nV8KnJPtnB5svv4cnDL!-453074333?_adf.ctrl-state=m6b65gdxq_4>
####<12-sep-2009 17:30:24 uur CEST><     Accept-Language: nl>
####<12-sep-2009 17:30:24 uur CEST><     User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)>
####<12-sep-2009 17:30:24 uur CEST><     Host: laptopedwin.wh.lan:8001>
####<12-sep-2009 17:30:24 uur CEST><     Accept-Encoding: gzip, deflate>
####<12-sep-2009 17:30:24 uur CEST><     Connection: Keep-Alive>
####<12-sep-2009 17:30:24 uur CEST><     Cache-Control: no-cache>
####<12-sep-2009 17:30:24 uur CEST><weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyInfo>
####<12-sep-2009 17:30:24 uur CEST><ssl client key:Sun RSA private CRT key, 1024 bits
modulus: 135256530343776309493378499238723474761809537383354856443783031405724842963590896515127253614442774833330163469306346998433606124817086312759138932710087080464501074410925139095622741276531270633324573257815772267862467588496928149465417098076218732040047455958122894583653703895415828491462423303970267662119
public exponent: 65537
private exponent: 70314326087743699962454879977162652930937500017561071746336998641882377889887267410323718367396514008446506086626901479113065301623787031382331559843030136237857866934906267741351110674239213829006129063775109788707087302538026535943257466578949319062480441789214176315827916248430287133081293921721804088033
prime p: 11974625102832097583118096114610793613205242504983701060834332690026001982375077665162762308523793650653350947197100038932023730202787298553029195261347327
prime q: 11295262205059515784067784104204404656057034968759802138195417174670025481580489505249455835611140503620524999898446032906677280702668039750528726228078297
prime exponent p: 10636051419212951957075964614303506523311875298802298281157626077164099690190818102244374273181234298154969131746805474255337189050985724645168110919912251
prime exponent q: 9180707495599589343206474566470241653094376286920321960074362300079694178141042692915879784722129977674567430529173188898986608915112396683265394948155617
crt coefficient: 3999529359604887198322520465212803445668432210961019729502103914530388247742016641237995952808703712482862506414062073383339683451433625683775233168415551, ssl client cert chain:[Ljava.security.cert.Certificate;@767c0d>
####<12-sep-2009 17:30:24 uur CEST><get BASE64 encoded artifact from http request, value is:AAQAAMRtlWqk3m9VqV3ySu7qjJcGo08PSwH/NaPWjnhgmqYEpXMWX2STBHg=>
####<12-sep-2009 17:30:24 uur CEST><ArtifactResolver: sha-1 hash value of remote partner id is '0xc46d956aa4de6f55a95df24aeeea8c9706a34f0f'>
####<12-sep-2009 17:30:24 uur CEST><ArtifactResolver: found remote partner 'jdev' with entity ID 'jdev_wls'>
####<12-sep-2009 17:30:24 uur CEST><ArtifactResolver: returning partner: [email protected]779>
####<12-sep-2009 17:30:24 uur CEST><partner entityid isjdev_wls, end point index is:0>
####<12-sep-2009 17:30:24 uur CEST><find end point:[email protected]2a7, binding location is:http://laptopedwin.wh.lan:7101/saml2/sp/ars/soap>
####<12-sep-2009 17:30:24 uur CEST><<?xml version="1.0" encoding="UTF-8"?><samlp:ArtifactResolve xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_0xe219b059e77568bc835736caa94d6855" IssueInstant="2009-09-12T15:30:24.671Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">soa</saml:Issuer><samlp:Artifact>AAQAAMRtlWqk3m9VqV3ySu7qjJcGo08PSwH/NaPWjnhgmqYEpXMWX2STBHg=</samlp:Artifact></samlp:ArtifactResolve>>
####<12-sep-2009 17:30:24 uur CEST><open connection to send samlp:ArtifactResolve. partner id:jdev_wls, endpoint url:http://laptopedwin.wh.lan:7101/saml2/sp/ars/soap>
####<12-sep-2009 17:30:24 uur CEST><isClientPasswordSet:false>
####<12-sep-2009 17:30:24 uur CEST><connect to remote ARS.>
####<12-sep-2009 17:30:24 uur CEST><SoapSynchronousBindingClient.sendAndReceive: begin to send SAMLObject to server.>
####<12-sep-2009 17:30:24 uur CEST><SoapSynchronousBindingClient.sendAndReceive: sending completed, now waiting for server response.>
####<12-sep-2009 17:30:24 uur CEST><SoapSynchronousBindingClient.sendAndReceive: response code from server is: 200>
####<12-sep-2009 17:30:24 uur CEST><SoapSynchronousBindingClient.sendAndReceive: get a HTTP_OK response, now receive a SOAP envelope message.>
####<12-sep-2009 17:30:24 uur CEST><SoapSynchronousBindingClient.sendAndReceive: found XMLObject in envelope, return it.>
####<12-sep-2009 17:30:24 uur CEST><http url connection disconnect.>
####<12-sep-2009 17:30:24 uur CEST><<?xml version="1.0" encoding="UTF-8"?><samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_0xf34d9596cf9f8d37715fdf3529266b40" InResponseTo="_0xe219b059e77568bc835736caa94d6855" IssueInstant="2009-09-12T15:30:24.812Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">jdev_wls</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/><samlp:StatusMessage>[Security:096565]Artifact requester authentication failed.</samlp:StatusMessage></samlp:Status></samlp:ArtifactResponse>>
####<12-sep-2009 17:30:24 uur CEST><get samlp:ArtifactResponse and verify it.>
####<12-sep-2009 17:30:24 uur CEST><saml version:2.0>
####<12-sep-2009 17:30:24 uur CEST><inResponseTo:_0xe219b059e77568bc835736caa94d6855>
####<12-sep-2009 17:30:24 uur CEST><status code: urn:oasis:names:tc:SAML:2.0:status:Success>
####<12-sep-2009 17:30:24 uur CEST><status message: [Security:096565]Artifact requester authentication failed.>
####<12-sep-2009 17:30:24 uur CEST><[Security:096577]Failed to receive AuthnRequest document from the requester.>
####<12-sep-2009 17:30:24 uur CEST><Caused by: [Security:096502]There is no saml message in returned samlp:ArtifactResponse.>
####<12-sep-2009 17:30:24 uur CEST><exception info
com.bea.security.saml2.service.SAML2Exception: [Security:096577]Failed to receive AuthnRequest document from the requester.
     at com.bea.security.saml2.service.sso.SSOServiceProcessor.receive(SSOServiceProcessor.java:301)
     at com.bea.security.saml2.service.sso.SSOServiceProcessor.processAuthnRequest(SSOServiceProcessor.java:118)
     at com.bea.security.saml2.service.sso.SSOServiceProcessor.process(SSOServiceProcessor.java:100)
     at com.bea.security.saml2.service.sso.SingleSignOnServiceImpl.process(SingleSignOnServiceImpl.java:50)
     at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:27)
     at $Proxy26.process(Unknown Source)
     at com.bea.security.saml2.servlet.SAML2Servlet.service(SAML2Servlet.java:34)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3590)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
     at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
     at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
com.bea.security.saml2.binding.BindingHandlerException: [Security:096502]There is no saml message in returned samlp:ArtifactResponse.
     at com.bea.security.saml2.artifact.impl.AbstractArtifactResolver.getSamlMsg(AbstractArtifactResolver.java:459)
     at com.bea.security.saml2.artifact.impl.AbstractArtifactResolver.resolve(AbstractArtifactResolver.java:304)
     at com.bea.security.saml2.binding.impl.ArtifactBindingReceiver.resolve(ArtifactBindingReceiver.java:77)
     at com.bea.security.saml2.binding.impl.ArtifactBindingReceiver.receiveRequest(ArtifactBindingReceiver.java:40)
     at com.bea.security.saml2.service.sso.SSOServiceProcessor.receive(SSOServiceProcessor.java:295)
     at com.bea.security.saml2.service.sso.SSOServiceProcessor.processAuthnRequest(SSOServiceProcessor.java:118)
     at com.bea.security.saml2.service.sso.SSOServiceProcessor.process(SSOServiceProcessor.java:100)
     at com.bea.security.saml2.service.sso.SingleSignOnServiceImpl.process(SingleSignOnServiceImpl.java:50)
     at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:27)
     at $Proxy26.process(Unknown Source)
     at com.bea.security.saml2.servlet.SAML2Servlet.service(SAML2Servlet.java:34)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3590)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
     at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
     at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>

Tony,
Refer SAP Note: 730870. Q16.
Fyr from SAP Note:
Q 16: While sending a message to the RfcAdapter the error "... functiontemplate from repository was <null>" is shown. Which reasons are possible?
              A: After receiving a message from the Adapter Engine, the RfcAdapter extracts the payload from the message. Normally this should be an XML document in the RFC-XML format. In this format the root element of the XML document represents the name of the function module and is enclosed in the fixed RFC namespace 'urn:sap-com:document:sap:rfc:functions'. But this only will be checked at a later point, when the conversion from XML to native RFC is done. As prerequisite of this conversion the structures and types of the function module parameters has to be known. This is also called metadata or function template. To get this function template the name of the function module is extracted from the root element of the XML document and is queried against the metadata repository of the communication channel. If the metadata repository doesn't have a function module with this name, the exception named above is thrown. Possible reasons are
The XML document, which was send to the RfcAdapter, is not a RFC-XML document. So the root element name of this document is not the name of a function module and thus can't be found in the metadata repository.
The metadata repository doesn't contain an entry for this function module name. Normally the metadata repository will be an R/3 system and it's function module repository can be searched with transaction code SE37.
raj.

Redirect from ROOT

I am trying to redirect to the welcome page from ROOT. When www.mydomain.com is called from a browser, the servlet inside ROOT should redirect to another web page in webapps/welcome/index.jsp
What I did:
com.index.Redirect
public class Redirect extends HttpServlet
     private final String url = "welcome/index.jsp";
     public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
          response.sendRedirect(url);
}web.xml:
<servlet>
    <servlet-name>Index</servlet-name>
    <servlet-class>com.index.Redirect</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Index</servlet-name>
    <url-pattern>/index</url-pattern>
</servlet-mapping>What I got: The requested resource (/) is not available
What am I missing? Thanks

"/" is not the same as "/index". The mapping from / to /index is done on the server side, not the client, so you can't assume that every hit will start with at least /index. Also if I recall correctly / has a special meaning in servlet environment configurations and may not behave as expected.
Generally (or always?) web servers and I believe servlet containers have a special configuration option to identify a home page, so be careful that you're not reinventing the wheel here.

SSO problem when redirecting from a JSP page to an external application

Hi,
I try to make a redirect from a JSP page (that is under a SSO protected application on iAS) to another page from another application, on an external iAS server, also protected by (a different) SSO. After the redirection is done, the login window appears, I enter the login name and the password and after that I obtain the followin error:
"Oracle SSO Failure - Unable to process request
Either the requested URL was not specified in terms of a fully-qualified host name or OHS single sign-on is incorrectly configured.
Please notify your administrator."
In the logs og the server I found the following:
[OSSO] W05: Requested URL is not specified in terms of fully-qualified host name or invalid SSO partner configuration. Host from request
mycompany.com:7777, registered host 144.147.147.200:7778.
(the ip address being the address of the mycompany.com host).
Any clue about this? Thanks a lot in advance!
Regards,
Marinel

Hi Carlo,
Thanks for your answer.
The JSP original page is not added as a partner application to the second SSO server.
The idea was that the user should insert first the login name/passwd for the first server, after being logged in, then redirected to the second application (on a different server), insert the login name/password for the second application and then load the 2nd application page. It seems that is not working after inserting the password for the 2nd application.
Coming to a more general question that could help me to avoid this complicated approach: is it possible to have two different applications deployed on two different iAS servers and the two applications to use the same SSO (let's say the one from the first iAS server)? I have to mention that the process scenario is the following: the user load a page from the first application (protected by SSO), then, after successfull login and some processing in the first app, he will be automatically redirected by the first app to the second application, on the second server. I want to have also the second application, on the 2nd server, protected by SSO (ideally would be the same SSO as the first one!). Ideally the scenario would be: if it is redirected from the first app and the user is already authenticated, the automatic redirection should be done transparently for the user (without enetring the password again). If the user goes directly from the browser to a page of the second app, the SSO login window should be displayed and the user should provide his password.
Is such a scenario possible on two apps deployed on two different servers?!
Thanks a lot again!
Regards,
Marinel

My original URLs won't ping

When I originally put my podcasts on iTunes, Apple gave me the following URLs
http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=210064273
http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=210065679
Recently while trying to redirect my feeds through Podango (by pointing Feedburner at Podango instead of Libsyn), I lost most if not all of my iTunes subscribers over a one week period.
In trying to figure out what was wrong, I discovered a problem with the Podango feeds. However, this problem has been fixed, but I still have two problems.
1. The original URL's from Apple fail to ping.
2. Pinging iTunes via Show ID instead of feed URL shows that ITunes is still pointing at Podango, when it should be pointing at Libsyn via Feedburner. (When the Podango feed was bad I changed it back so the Libsyn should not be redirecting to Podango.)
I am OK with the Podango redirect if I can find my missing subscribers. I wonder if there aren't people who think the podcast has left iTunes because of this problem and then unsubscribed, or if they are not showing up because they are pointed to the wrong place.
As of today, if I use the URL supplied by Apple it seems to link to the correct place on the iTunes store and it seems to download episodes (yesterday the episodes wouldn't download). Yet pinging still gives me "No Podcast Found for Ping Request."
Dr. Ginger Campbell
the Brain Science Podcast
Books and Ideas
intel MacBook and MacPro Mac OS X (10.4.6)
intel MacMini and intel MacBook Mac OS X (10.4.6)
intel MacMini and intel MacBook Mac OS X (10.4.6)

For these kinds of things, I usually subscribe to the podcast, then look at the "podcast description" which gives me the actual podcast URL. Punch that into Firefox which has the ability to read RSS feeds and then look at the source which shows me the XML.
Anyway, it was at the very bottom of the XML. Which was an odd place for it since most people put it at the top of the feed....probably why the Libsyn guys missed it.
-----snippet from your feed--------
<item>
<title>Books and Ideas #5 How are Science and Philosophy Related?</title>
<description>#5 How are Science and Philosphy related? I explore the common heritage of science and philosophy. Show Notes are at http://booksandideas.com. Please send me comments at [email protected] or visit iTunes and leave a review. </description>
<guid isPermaLink="true">http://www.podango.com/podcast.php?podcastId=649&episodeId=24218</guid>
<pubDate>Fri, 19 Jan 2007 02:31:01 EST</pubDate>
<enclosure url="http://download.podango.com/mp3tracker/24218/file.mp3" length="14251550" type="audio/mpeg" />
<itunes:author></itunes:author>
<itunes:subtitle></itunes:subtitle>
<itunes:summary>#5 How are Science and Philosphy related? I explore the common heritage of science and philosophy. Show Notes are at http://booksandideas.com. Please send me comments at [email protected] or visit iTunes and leave a review. </itunes:summary>
<itunes:keywords></itunes:keywords>
<itunes:explicit>no</itunes:explicit></item>
<itunes:new-feed-url>http://www.podango.com/feeds/feed.php?pid=649</itunes:new-feed-url>
</channel>
</rss>

Adobe Muse | External link to Etsy site | Using original URL

Hi everyone,
I have 2 questions:
01: how to create a link to an etsy online shop
02: URL appearance
01 –> I am done with my website so far and now I want to put a link to my external online shop at ETSY. I also have an online shop at "DaWanda" and that link works just fine. But the link from ETSY isn´t working. I tried many times, copying and stuff. Still it doens´t go to the ETSY site. What could be wrong here?
02 –> And I want that the original URL of the online shop (www.etsy...onlineshop.com) will show up in the browser. But it still shows the URL of my own homepage insted of the ESTY or DaWanda Onlineshop. How can I change that?
Or is that based on my adjustments of my webhost? Because I made the following adjustments:
The real URL (for example: www.myhomepage-hostingcompany.com) of my homepage doesn´t show up in the browser (when you visit my website) because I´m hiding the part "hostingcompany" and you can only see "www.myhomepage.com"
Maybe because of this adjustment at my hosting service (the "hiding option") the online shop URL doesn´t show up either. Is that the reason?
Best regards, Fries

Hi Fries
As you have mentioned you are linking to external site but its not working, how exactly you have linked ? something like "Buy Product" which is linked to external site where Online shop is configured ?
Regarding the URL, the purchase process will show the url of the site it is configured while shopping/Order process, if you want to change this then you would need to do this from your hosting end as you would need to use a redirect link from shopping back to your site. Please get in touch with your hosting provider for more information.
Thanks,
Sanjit

Redirect from client provision to origin url

Similar Messages

Maybe you are looking for