Retrieving personal user certificate for secure webservice

All,
I am currently creating a WLW 8.1 webservice that will interact with a non-browser client. The reason I mention non-browser is that in order to secure this webservice and also have it function correctly I need to retrieve a user's personal certificate. Our team has done this for web-content in the past with simple retrieval via the browser, but in this case the client is non-configurable and will be talking directly with my webservice.
My question is: is it possible to retrieve the user's certificate via a webservice? The certificate is not only used for security validation, but their credentials are also used to validate them in other programs on the back-end of the webservice. This allows personalized content based on the certificate.
Thanks for any help you can provide. I know that was long winded and semi-complicated so if any clarification is required please ask.
Thanks,
Sam

So in essence, then, Credential Roaming is exactly what we need.
yes.
> but if the cert needs to be in the Personal store PRIOR to the user being authenticated on 802.1x
this is one pitfall of this scenario. You need to have locally installed certificates prior to connecting to wireless network. This means that you cannot initially connect to wireless prior to logging on to domain by using wired network. Once certificates are cached, you can connect to wireless networks with cached certificates.
Vadims Podāns, aka PowerShell CryptoGuy

Similar Messages

  • Help-I want to move my stuff out of admin user account to a non-admin user account for security.  How can this be done?

    So... I have amassed loads of documents, videos, music, photos, etc. onto my MacBook Pro all under the admin user account I set up for myself.  I am the only one who uses the MacBook.  I now work virtually and am online at different free wifi spots, and I want to access all of my stuff under a non-admin user account for security reasons.
    I attempted to uncheck the "allow this user to administer this computer" box under my admin user account, but it is greyed out and I cannot.
    Is there an easier way to fix this than backing up all of my stuff and then moving it to a non-admin account?

    There is only one solution: create a new Standard user account and set it as your auto login account, if you use that feature.
    Using what you describe is mostly a false sense of security. Were someone to hack into the computer they could hack into the standard account, so you would not wish to keep any sensitive data in that account. Other things to consider:
    Turn on your Firewall in Security & Privacy preference panel.
    Use software to mask your online presence such as ProxyCap 2.03, MacProxy, Proxifier, or Hotspot Shield.

  • How to define user mapping for a Webservice method to achieve single sign on

    Hi all,
    I have created a Web service System using a URL (containing the full path of my WSDL).
    Now this particular WSDL (my webservice) has an authenticate method, which takes a username and password.
    I wanted to know whether there is any way that I can do user mapping for it,
    i.e. when I create an iView for this web service system using the authenticate method, it should pick up the username and password from the user mapping. Presently the iView itself asks for a username and password.
    Or else can anyone tell me whether there is a way to do user mapping for my web service system that I have created using a WSDL URL? Presently it works with any junk username and password; I mean the connection always succeeds, maybe because accessing a WSDL doesn't require any username and password.
    Thanks

  • Using Pay_balance_pkg to retrieve Person YTD balance for Employees

    We would like to create a report that provides the Person Year to Date amounts for a group of employees.
    We would like the report to be flexible enough that we could use a parameter to put in the balance that we would like to retrieve, ie. Pensionable Earnings, the dimension, ie. PER_YTD and the date parameters that we are looking for, ie. Jan 1, 2008 to Dec 31, 2008
    I understand that the best method to do this is to use the pay_balance_pkg.get_value and that there are two methods, assignment mode and date mode. I think it is date mode that we need as we want the information at the person level.
    We also do not care about the tax unit id or jurisdiction code as we want the balance at the person level.
    Could anyone advise how we would (or if we can) use pay_balance_pkg to do this for us? And if so, what the code would look like?
    Thanks,
    Martha

    Hola Alejandro,
    you can play around a little bit with the ones below and use whichever you find more comfortable.
    /* multi level */
    select level
    ,assignment_number
    ,assignment_id
    ,supervisor_id
    ,(select full_name from per_people_x where person_id = pax.person_id)
    ,sys_connect_by_path( (select employee_number from per_people_x where person_id = pax.person_id), ' --> ')
    from per_assignments_x pax
    where primary_flag = 'Y'
    connect by prior person_id = supervisor_id
    start with person_id = 1523
    /* level 2 only */
    select (select full_name from per_people_x where person_id = pax1.person_id)
    ,(select full_name from per_people_x where person_id = pax2.person_id)
    from per_assignments_x pax1
    ,per_assignments_x pax2
    where pax1.supervisor_id = 1523
    and pax1.primary_flag = 'Y'
    and pax1.person_id = pax2.supervisor_id
    and pax2.primary_flag = 'Y'

  • How can I retrieve my user password for imac

    Just bought an imac.  My password won't work and I can't access my computer how can I change my password or retrieve the old one?

    You can use your Apple ID to reset your admin password >  OS X: Apple ID can be used to reset your user account password

  • Code for secure WebService

    Hi All,
    I am using Weblogic App. Server and I want to write code for encrypting the data sent through the Java Web service. I am new to this so can anyone please tell me the steps for that? If you have working code for that, it will be of great help. Its very very urgent for me.
    Thanks,
    Radhakrishna

    helping you would compromise security, so no we can't help you.

  • Use of Certificate for secure communication

    Hi Friends,
    Our partner has provided their certificate to us and we have provided our certificate to them.
    Now, while sending a message to the partner, which certificate do I need to attach: our certificate or the certificate provided by the partner?
    Also please provide some links related to this....
    Regards,
    Brijesh

    Use private certificate of the partner.
    http://help.sap.com/saphelp_nw04s/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
    Regards,
    Prateek

  • Problem with certificates for secure sites since 10.5.2 update

    Since the 10.5.2 update I am suddenly getting warnings about certificates of some sites, but not all. However, these sites worked without warning before the update, and the certificates are signed by trusted authorities.
    The only difference that I can see, is that when checking the certificate details, that when the site is giving warnings, I only see the site certificate, and when sites are trusted, I see a whole tree of certificates.
    So far I have not had much luck in researching the issue on the internet.

    You can try removing and reinstalling a small program called EyeTV Helper, which is involved in detecting EyeTV on the FireWire/USB bus. Find the EyeTV Helper (located in your hard drive/Library/Application Support/EyeTV folder). Then, start the Activity Monitor (located in Applications/Utilities), and find EyeTV Helper in the list. Quit EyeTV Helper. Then, erase EyeTV Helper from your hard drive. Start EyeTV and it will be reinstalled. Does this help?

  • Where is the jar file for secure Webservices??

    Hi all,
    Please, let me know where can I get jar file with SecurityProtocol and AuthenticationContext classes !
    references : http://help.sap.com/saphelp_nw04/helpdata/en/56/f26a4db4eca14780ab2c1a1e211372/frameset.htm
    web service standalone client
    thanks.

    Hi Isaac,
    <NWDS_ROOT>\SAP\JDT\eclipse\plugins\com.sap.tc.ap\comp\SAP-JEE\DCs\sap.com\webservices_lib\_comp\gen\default\public\default\lib\java\tc_sec_wssec_lib.jar
    Best regards, Maksim Rashchynki.

  • Analysing User Accounts for Security

    I have been asked to investigate and produce analysis of all accounts on a SQL cluster. I need to produce information regarding level of authority, usage history, create date, etc etc. I'm running MS SQL Server Management Studio. Am I able to achieve what's required using that or do I need additional tools?

    You might be interested in the scripts that I have posted on the SQL Server wiki at
    Database Engine Effective Permissions http://social.technet.microsoft.com/wiki/contents/articles/15180.effective-database-engine-permissions.aspx
    Rick Byham, Microsoft, SQL Server Books Online, Implies no warranty

  • 802.1X EAP-TLS User Certificate Errors

    I'm trying to implement 802.1x using EAP-TLS to authenticate our wireless users/clients (Windows 7 computers).  I did a fair amount of research on how to implement this solution and everything seems to work fine when authentication mode is set to: Computer Authentication.  However, when authentication mode is set to "User or Computer" or just "User" it fails.  I get a "certificate is required to connect" pop up and it's unable to connect.
    No errors on the NPS side but I enabled logging on the client (netsh ras set tracing * ENABLED) and this is what I can see.  It seems as if there is a problem with the client certificate:
    [236] 06-04 09:26:35:704: EAP-TLS using All-purpose cert
    [236] 06-04 09:26:35:720:  Self Signed Certificates will not be selected.
    [236] 06-04 09:26:35:720: EAP-TLS will accept the  All-purpose cert
    [236] 06-04 09:26:35:720: EapTlsInitialize2: PEAP using All-purpose cert
    [236] 06-04 09:26:35:720: PEAP will accept the  All-purpose cert
    [236] 06-04 09:26:35:720: EapTlsInvokeIdentityUI
    [236] 06-04 09:26:35:720: GetCertInfo flags: 0x40082
    [236] 06-04 09:26:35:720: FCheckUsage: All-Purpose: 1
    [236] 06-04 09:26:35:720: DwGetEKUUsage
    [236] 06-04 09:26:35:720: Number of EKUs on the cert are 3
    [236] 06-04 09:26:35:720: FCheckSCardCertAndCanOpenSilentContext
    [236] 06-04 09:26:35:720: DwGetEKUUsage
    [236] 06-04 09:26:35:720: Number of EKUs on the cert are 3
    [236] 06-04 09:26:35:720: FCheckUsage: All-Purpose: 1
    [236] 06-04 09:26:35:720: Acquiring Context for Container Name: le-8021xUsers-84adbdd0-a706-4c71-b74a-61a1bd702839, ProvName: Microsoft Software Key Storage Provider, ProvType 0x0
    [236] 06-04 09:26:35:720: CryptAcquireContext failed. This CSP cannot be opened in silent mode.  skipping cert.Err: 0x80090014
    [236] 06-04 09:26:35:720: FCheckUsage: All-Purpose: 1
    [236] 06-04 09:26:35:720: DwGetEKUUsage
    [236] 06-04 09:26:35:720: Number of EKUs on the cert are 1
    [236] 06-04 09:26:35:720: No Certs were found in the Certificate Store.  (A cert was needed for the following purpose: UserAuth)  Aborting search for certificates.
    Also, in the event viewer I get the following:
    Wireless 802.1x authentication failed.
    Network Adapter: Dell Wireless 1510 Wireless-N WLAN Mini-Card
    Interface GUID: {64191d46-0ea6-4251-86bb-7d6de5701025}
    Local MAC Address: C4:17:FE:48:F2:79
    Network SSID: *****
    BSS Type: Infrastructure
    Peer MAC Address: 00:12:17:01:F7:2F
    Identity: NULL
    User: presentation
    Domain: ****
    Reason: Explicit Eap failure received
    Error: 0x80420014
    EAP Reason: 0x80420100
    EAP Root cause String: Network authentication failed\nThe user certificate required for the network can't be found on this computer.
    I created user and computer certificates by duplicating the "User" and "Computer" templates in AD CS.  I modified the "Subject Name" to "Build from Active Directory information".  "Subject Name Format" is set to "Fully Distinguished Name" and "User Principal Name (UPN)" is checked.  All other boxes are cleared.  I verified that certificates for both user, computer, and root CA are all correctly auto enrolled.  I also verified that the user certificate exists in the "Personal" user certificate store on the client.
    There is clearly something wrong with the user certificate but what? I'm at wits ends as I have tried everything.  Please help!

    Hey,
    I am in precisely the same situation now. I have a Win7 client with Server 2008 R2 (having AD and DNS) with NPS running. I have certificate templates and auto enrollment configured. My Win7 machine is able to authenticate using its certificate, but when I use the user certificate it doesn't work. Both user/computer certificates are coming from the AD root CA enterprise. NPS has the right certificate. I have verified on the client user/local machine that both have their respective certificates in their personal stores.
    I have tried all possible combinations and even tried changing the key provider, but no use.
    [6472] 12-10 13:39:04:327: Number of EKUs on the cert are 1
    [6472] 12-10 13:39:04:327: FCheckSCardCertAndCanOpenSilentContext
    [6472] 12-10 13:39:04:327: DwGetEKUUsage
    [6472] 12-10 13:39:04:327: Number of EKUs on the cert are 1
    [6472] 12-10 13:39:04:327: FCheckUsage: All-Purpose: 1
    [6472] 12-10 13:39:04:327: Acquiring Context for Container Name: le-LM-USER-4aa6cf55-b6b7-491e-ad5b-735e44eaf3c7, ProvName: Microsoft Software Key Storage Provider, ProvType 0x0
    [6472] 12-10 13:39:04:327: CryptAcquireContext failed. This CSP cannot be opened in silent mode.  skipping cert.Err: 0x80090014
    [6472] 12-10 13:39:04:327: No Certs were found in the Certificate Store.  (A cert was needed for the following purpose: UserAuth)  Aborting search for certificates.
    [6472] 12-10 13:39:04:327: EAP-TLS using All-purpose cert
    [6472] 12-10 13:39:04:327:  Self Signed Certificates will not be selected.
    [6472] 12-10 13:39:04:327: EAP-TLS will accept the  All-purpose cert
    I have been stuck on it for the last few days with no real cause known as yet!
    Any help will be thoroughly appreciated!!!
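
Both traces in this thread end the same way: a candidate certificate is skipped because its private key container could not be opened, and the search then aborts with no certificate for the required purpose. The parser below is an added example, not part of either post; it pulls those facts out of a trace in the format quoted above. Its regexes are inferred only from the quoted lines, and treating the bracketed number as a per-session tag is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Sample input: an excerpt of the client trace quoted in the thread above.
SAMPLE_TRACE = """\
    [236] 06-04 09:26:35:720: Number of EKUs on the cert are 3
    [236] 06-04 09:26:35:720: FCheckUsage: All-Purpose: 1
    [236] 06-04 09:26:35:720: Acquiring Context for Container Name: le-8021xUsers-84adbdd0-a706-4c71-b74a-61a1bd702839, ProvName: Microsoft Software Key Storage Provider, ProvType 0x0
    [236] 06-04 09:26:35:720: CryptAcquireContext failed. This CSP cannot be opened in silent mode.  skipping cert.Err: 0x80090014
    [236] 06-04 09:26:35:720: Number of EKUs on the cert are 1
    [236] 06-04 09:26:35:720: No Certs were found in the Certificate Store.  (A cert was needed for the following purpose: UserAuth)  Aborting search for certificates.
"""

# The prefix is searched for, not anchored, so indented or run-on lines still parse.
PREFIX = re.compile(r"\[(?P<tag>\d+)\]\s+(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d:\d+):\s*(?P<msg>.*)$")
EKUS = re.compile(r"Number of EKUs on the cert are (\d+)")
ACQUIRE = re.compile(r"Acquiring Context for Container Name: (?P<container>[^,]+), "
                     r"ProvName: (?P<provider>.+?), ProvType (?P<prov_type>0x[0-9A-Fa-f]+)")
SKIPPED = re.compile(r"CryptAcquireContext failed\.\s*(?P<reason>.*?)\s*skipping cert\.\s*"
                     r"Err:\s*(?P<error>0x[0-9A-Fa-f]+)")
NO_CERT = re.compile(r"No Certs were found in the Certificate Store\.\s*"
                     r"\(A cert was needed for the following purpose: (?P<purpose>[^)]+)\)")

@dataclass
class SkippedCert:
    timestamp: str
    container: Optional[str]   # None when no "Acquiring Context" line preceded the failure
    provider: Optional[str]
    prov_type: Optional[str]
    eku_count: Optional[int]
    reason: str
    error: str

@dataclass
class TraceReport:
    skipped: list = field(default_factory=list)
    missing_purposes: list = field(default_factory=list)

def analyze_trace(text: str) -> TraceReport:
    report = TraceReport()
    state = {}  # per tag: last EKU count and last key container the client tried to open
    for line in text.splitlines():
        m = PREFIX.search(line)
        if not m:
            continue  # event-log text, prose, blank lines
        cur = state.setdefault(m["tag"], {"ekus": None, "key": None})
        msg = m["msg"]
        if (e := EKUS.search(msg)):
            cur["ekus"] = int(e.group(1))
        elif (a := ACQUIRE.search(msg)):
            cur["key"] = a.groupdict()
        elif (s := SKIPPED.search(msg)):
            key = cur["key"] or {}
            report.skipped.append(SkippedCert(
                m["ts"], key.get("container"), key.get("provider"),
                key.get("prov_type"), cur["ekus"], s["reason"], s["error"]))
            cur["key"] = None  # the failure has been attributed; do not reuse it
        elif (n := NO_CERT.search(msg)):
            report.missing_purposes.append(n["purpose"])
    return report

if __name__ == "__main__":
    result = analyze_trace(SAMPLE_TRACE)
    for c in result.skipped:
        print(f"{c.timestamp} skipped {c.container} ({c.provider}, ProvType {c.prov_type}, "
              f"{c.eku_count} EKUs): {c.reason} [{c.error}]")
    for purpose in result.missing_purposes:
        print(f"no usable certificate for purpose {purpose}")
```

Run over a full trace file, the output lists each skipped key container next to the provider name the client tried to open, which is the detail to check against the certificate actually installed in the user's Personal store.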

  • Automatically renewing certificates for digital signatures

    Is it possible to setup some form of system that automatically renews the user certificate for digital signatures? If so, where can i find information on this?

    Hi - these are all reader extended through Livecycle ES Reader extensions and are signed by users in Reader. What I am asking is if anyone has an idea where this behaviour is declared, so that I can change it.

  • Securing webservices with SAML

    Hi everybody,
    I'm trying to protect web services with SAML assertions using AM 7.1. I've already tried to deploy some tutorials and samples provided by NetBeans 6.0, AM 7.1 and Java EE SDK, but I'm facing a lot of problems. I also found many contradictions between the tutorials and the official Sun documentation, and at this point I'm very confused.
    Is it really possible to implement web services security with SAML using AM 7/7.1 + AppServer 8.1/8.2 in the way the Securing Identity Web Services tutorial/lab (http://www.javapassion.com/handsonlabs/IdentityWebServices/) does it?
    In many tutorials and official Sun documents I found the library amWebServicesProvider.jar, which is supposed to be the Sun Java Access Manager Policy Agent 2.2. This library is supposed to implement JSR 196 (Java Authentication Service Provider Interface for Containers); using this library implies modifications to the server.policy and domain.xml files in order to add support for SOAP and HttpServlet message security providers.
    I've tried to modify the server.policy in AppServer 8.1/8.2, but I found it's only possible to add support for SOAP message security providers; trying to add HttpServlet message security providers makes AppServer crash at init. How can I add support for the HttpServlet message security provider?
    The library amWebServicesProvider.jar is supposed to be the Policy Agent 2.2 and is currently bundled with Java EE SDK, but the current release of the Policy Agent 2.2 for SJAS 8.1/8.2 does not include this library. Does someone know where to download this release of Policy Agent, and also at least an installation guide?
    On the AM side, I'm referring to the AM (shall I say "THE HALF AM"?) bundled with Java EE SDK. I found that many agents are created at installation time; these agents, in combination with the library amWebServicesProvider.jar, supposedly protect the web services. These agents are not common agents, by which I mean the agents we usually create following the Policy Agent installation guide, where we only enter agent name, password, a description (optional) and set the Device Status checkbox to true. The agents created in "THE HALF AM" are created with a lot of additional properties, despite the fact that the Sun Java System Access Manager 7.1 Administration Guide (http://docs.sun.com/app/docs/doc/819-4670/gavwo?a=view) says that only one property (agentRootURL) is valid and all other properties will be ignored.
    My real question is:
    Is it really possible to implement web services security with SAML using AM 7/7.1 + AppServer 8.1/8.2, I mean, using REAL TECHNOLOGIES, in the way the Securing Identity Web Services tutorial/lab (http://www.javapassion.com/handsonlabs/IdentityWebServices/) does it?
    Any help is appreciated.
    Regards

    Hi,
    I have installed GlassFish 9.1 and NetBeans 6.0 separately on Windows XP, and want to configure the Access Manager 7.1 and Policy Agent 2.2 to run the Blue Prints for Secured WebServices.
    If I install the Access Manager from the jdk15 version of AccessManager7_1RTM from the Sun site, AM gets installed properly, but the StockQuoteService blueprint is not deployed properly (it throws exceptions even after configuring the amWebServicesProvider.jar and amclientsdk.jar manually). But the AM documentation refers to the installation for Solaris, not for the Windows platform. I am not sure whether my configuration of amWebServicesProvider.jar is valid or not.
    I ran the blueprint StockQuoteService and StockQuoteClient successfully with all the variations of WSSecurities when I installed using the "java-tools-bundle-update3-beta-windows.exe" application, which installs all of GlassFish, NetBeans, AM, OpenESB, Portal etc. and configures them automatically after installation and start of the GlassFish server.
    I have even tried to install the AM and configure it from the "access_manager-7_1-p1-ea-b5" download installer, but it throws a "ClassNotFoundException: com.sun.identity.setup.AMSetupFilter" exception when I deployed the amserver.war file.
    My requirement is to run the AccessManager and have secured WebServices working properly when GlassFish, AccessManager etc. are installed individually.
    Can anyone point me to where I can get the AccessManager 7.1 for Windows XP, integrate it with GlassFish 9.1, and be able to run the blueprints StockQuoteService and StockQuoteClient with SAML and LibertyBearerToken security profiles?
    Thanks in advance for the help,
    krishna

  • How can we use two user certificates at a time?

    Hi,
    I want to use two different user certificates for two different trading partners. Can we keep two private keys in single wallet and use those simultaneously? In our case our two trading partners are using different CA's certificate and we are forced to use two private keys.
    Please tell me that is there any way by which I can manage two private keys at a time in single wallet?
    Please help.
    Thanks & Regards,
    Anuj Dwivedi

    a. How To Extract A Private Key and Certificate From A Wallet
    Oracle does not provide any functionality within Wallet Manager, or otherwise, to do this. However this can be achieved using OpenSSL.
    - If a Linux server is available, OpenSSL is usually installed by default (/usr/bin/openssl). If not you can download it from www.openssl.org
    - To extract the key and certificate from the Wallet run:
    openssl pkcs12 -in ewallet.p12 -passin pass:<wallet_password> -out ewallet.txt -nodes
    - The resulting ewallet.txt is a file that contains the unencrypted private key, the certificate and all the root CA's in the wallet. Then the relevant information for the key, and certificate(s) can be copied to separate files to create the individual key and certificate(s)
    b. How to Convert a Certificate and Private Key to an Oracle Wallet
    SSL2OSSL (UNIX) and OSSLCONVERT (Windows) are tools that allow you to convert Private Keys and Certificates to an Oracle Wallet format. This format is required for Oracle Application Server. $ORACLE_HOME/Apache/Apache/bin/ssl2ossl
    Points to Note:
    * Even though capath, cafile, and chain are optional, at least one must be specified.
    * All the certificates that are being converted must be in base64 format.
    * If you are converting a self-signed certificate, running ssl2ossl/osslconvert does not import the certificate as a Trusted Certificate. Therefore it is necessary to import the certificate as a Trusted Certificate in Wallet Manager after it's converted, otherwise the Wallet will not work with Application Server.
    usage:
    $ ssl2ossl -cert /<path>/server.crt -key /<path>/private.key -cafile /<path>/rootca.crt -wallet /ssl/wallet -ssowallet yes
    Enter wallet password:
    Verifying password - Enter wallet password:
    SUCCESS
    This will create a ewallet.p12 file in /ssl/wallet

  • User interface for the CAF project

    hi
    To make a user interface for the CAF I have written a simple webservice application for storing the data in the database using JDBC operation. I have imported the webservice in the EXTERNAL SERVICE and mapped in the required in the entity service; everything worked fine, but when I have imported the model for developing the USER INTERFACE for the webservice there is no EXECUTABLE NODE.
    Can anyone provide a clear idea how I can proceed further?

    Couple of things - you can open the interface for any instrument or plug-in by double-clicking its insert slot on the channel strip. You can configure Logic to automatically open the interface for a plug-in when you first instantiate it in the preferences. Go to Logic Pro > Preferences > Display > Mixer, and check the box for "Open plug-in window on insertion".
