Securing RPC services with TCP Wrappers

Similar Messages

• Securing web services with Sun Access Manager

  Hi!
  I have gone through some documentation about Sun Access Manager, and I'm a little bit confused.
  What I want is to secure some web services which are deployed on a BEA WebLogic 9.1 server (WLS). Two solutions are possible: To install some kind of plugin into WLS or to place some kind of proxy in front of WLS. In both cases, the purpose would be to authenticate the caller based on some kind of ticket (SAML or similar) and authorize access to the web service.
  I have read about the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" (those guys really like long names....), but in this documentation web services aren't mentioned at all. They only seem to care about HTTP requests from a browser.
  I have also read about the Policy Agent 2.2 in the documentation called "Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services" (puh...). This document explicitly talks about securing web services the way I want.
  My questions are:
  1) Is it possible to secure WLS based web services in the same way using the Policy Agent for WLS?
  2) Are there any documentation/tutorials/etc?
  Thanks in advance :-)
  Anders

  what you need is a webservices agent that would enable you to "protect" your webservice provider, which I assume is on a BEA weblogic provider.
  the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" is "NOT" awebservices agent, but a normal J2EE policy agent.
  So.. having said that. here's what I'd recommend.
  1. install the webservices agent on bea weblogic. (note: NOT the J2EE policy agent)
  2. configure it to use your access manager instance for authentication.
  3. configure your webservices client to use the webservice provider. (note: you'd need the webservices APi's available on the client too... so the quick dirty method would be to install the webservices agent on your client too....) you can later bundle the webservices client independently and provide your"customers" with a webservices client bundle...
  4. voila... your webservices are not "protected" by acces manager ;-)

• Connect to Secure web service with certificate from SAP EP

  Hi Experts,
  Here is the current situation:
  1. Our business requirement is to connect 3rd party RESTful web service which requires secure connection with private client certificate attached
  2. I've tested in my Java test application and successfully attached private certificate to HttpsURLConection request to the web service and made a connection. No problem at all.
  KeyStore keyStore  = KeyStore.getInstance("PKCS12");
  InputStream inputStream = new FileInputStream("privateKeyCert.p12");
  keyStore.load(inputStream, "myPassword".toCharArray());
  KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  keyManagerFactory.init(keyStore, "myPassword".toCharArray());
  KeyManager[] kms = keyManagerFactory.getKeyManagers();
  SSLContext sslContext = SSLContext.getInstance("SSL");
  sslContext.init(kms, null, new SecureRandom());
  SSLSocketFactory sockFact = sslContext.getSocketFactory();
  URL url = new URL("https://www.thirdpartywebservice.com/testroot/");
  HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
  conn.setSSLSocketFactory(sockFact);
  conn.setRequestMethod("POST");
  conn.setDoOutput(true);
  conn.setDoInput(true);
  conn.setUseCaches(false);
  conn.setDefaultUseCaches (false);
  conn.setRequestProperty("Content-Type", "text/xml");
  3. Next, I tried to apply my Java application to SAP EP NetWeaver, and found that I have to use SecureConnectionFactory:
  https://help.sap.com/saphelp_nw70ehp1/helpdata/en/e2/71c83edf72e16be10000000a114084/content.htm
  4. So, I modified my Java code for SAP EP:
  KeyStore keyStore  = KeyStore.getInstance("PKCS12");
  InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream("privateKeyCert.p12");
  keyStore.load(inputStream, "myPassword".toCharArray());
  SecureConnectionFactory scFactory = new SecureConnectionFactory(keyStore);
  HttpURLConnection conn = scFactory.createURLConnection("https://www.thirdpartywebservice.com/testroot/");
  conn.setRequestMethod("POST");
  conn.setDoOutput(true);
  conn.setDoInput(true);
  conn.setUseCaches(false);
  conn.setDefaultUseCaches (false);
  conn.setRequestProperty("Content-Type", "text/xml");
  And I'm facing the following error message:
  Exception: java.security.UnrecoverableKeyException: ja
  va.security.GeneralSecurityException: Unable to decrypt private key: javax.crypto.BadPaddingException: Invalid PKCS#5 padding length: 253
  Could you please help me what this error message means?
  Do you think do I need to to do some other configuration to make connection to web service with client certificate?
  This is our first approach. Please help...
  Thank you in advance.

  SunJSSE implement SSL server CertificateRequest in a strict mode, if client failed to find a proper certificate corresponding the server request, it does not guess what's the proper certificate and send to the server. In your case, because there is no intermediate certificate in the client context, so there is no way to make the decision which certificate would be acceptable by server, so client does not send any cert to server. That's why you got a handshaking error.
  I guess your client key store does not contains a full certificate path from the client end-entity certificate to the root CA. Please import the full certificate path into the key store.
  BTW, these approaches should work, but I found no reason why one does not adopt #1:
  1. import the full certification path of client certificate into client key store.
  2. as a workaround, configure the server to send a list including the intermediate certificates;
  3. as a workaround, you will have to customize the client KeyManager if you don't want to or are not able to configure the server to send a list including the intermediate certificates.

• Secure OSB Service with LDAP

  Hi Friends,
  Greetings!
  Is there a way to secure an OSB service so that user will be able to access it only if they pass their AD/LDAP userid and password?
  Note: I know I can add servie accounts. However I want to avoid adding a guge number of users/services acounts manually.
  Thanks,
  Sachin.

  Hi Sachin,
  You have to configure webogic security realm to add AD/LDAP Authentication provider.
  http://onlineappsdba.com/index.php/2010/02/04/how-to-integrate-weblogic-with-oracle-internet-directory-for-login-authentication/
  In order to secure OSB service you can enable HTTPS or have message level security for the same.
  >know I can add servie accounts. However I want to avoid adding a guge number of users/services acounts manually.
  No Need to maintain n nunber of accounts per n number of users.
  use Basic Authentication/Custom Authentication/OWSM username token service policy to to authenticate username/password with AD/LDAP.
  For Authorization: Use Transport/Message Level Authorization at OSB Service level
  Regards,
  Abhinav Gupta

• Securing BPEL services with OWSM: problem resolving schema

  Hi,
  With the introduction of SOA Suite 10131 specification of XML objects types and elements is handled in a separate XSD file which is imported in the WSDL for the BPEL process. This is fine, it prevents cluttering up the WSDL.
  The import is like this:
  <import namespace="http://xmlns.oracle.com/MyFirstBPEL" schemaLocation="MyFirstBPEL.xsd" />
  Now, when I secure this service using an OWSM gateway, OWSM is not able to generate a test page for this service. It cannot resolve the XSD that it needs for constructing the test form. The same happens when you try to generate a proxy for the Web Service.
  A solution is to put the schema file in BPEL's xmllib and change the schemaLocation of the import tag accordingly, e.g.:
  <import namespace="http://xmlns.oracle.com/MyFirstBPEL" schemaLocation="http://localhost/orabpel/xmllib/MyFirstBPEL.xsd" />
  Can anyone think of a better solution, i.e. one that does not require changing the WSDL and avoids dragging the XSD around?
  Thanks. Regards, Sjoerd

  Hi Bastiaan,
  The XSD that is generated is automatically packaged and deployed with the BPEL process. And publishing it in a place is exactly what I do by putting it in /xmllib. I am all for controlled publication of XML Schema, but I would rather choose which XML constructs to publish (e.g. for re-use).
  Thanks. Sjoerd

• Calling a Axis2 Secure Web Service with JDeveloper 11g

  We are attempting call a Blackboard (Axis2) web service using Oracle JDeveloper 11g. We are currently unable to generate the security header required, could anyone please point me in the right direction?
  I have following the following steps highlighting my issue. What steps might I be missing? Should I have created a keystore? Should I implement this with the metro stack? Any help or suggestions to go in a different direction would be greatly appreciated.
  1. Install JDeveloper 11.1.1.5.0 (accept defaults)
  2. Open JDeveloper
  3. Create a Project by selecting File > New > Generic Project > Finish
  4. Right-click newly created project and select New
  a. Select Web Services in the Categories
  b. Select Web Service Proxy, then Next
  c. Next
  d. Select JAX-WS Style, then Next
  e. Enter http://gpstc.blackboard.com/webapps/ws/services/Context.WS?wsdl for the WSDL Document URL, then Next
  f. Next
  g. Remove “:80” from the Endpoint URL in each row, the first row should be http://gpstc.blackboard.com/webapps/ws/services/Context.WS, then Next
  h. Next
  i. I don’t see an option for WSSOAP12Binding which this webservice utilizes, so I selected “oracle/wss11_username_token_with_message_protection_client_policy”
  j. Next
  k. Finish
  5. As a test, add the following code after “// Add your code to call the desired methods.”
  GetServerVersionResponse myv = new GetServerVersionResponse();
  myv = contextWSPortType.getServerVersion(new GetServerVersion());
  System.out.println(myv.toString());
  6. Run the Project
  7. Received the following exception “Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: WSDoAllReceiver: Incoming message does not contain required Security header"
  Currently running JDeveloper 11g with Oracle WebLogic Server 11gR1
  Attempting to connect to Blackboard, Release 9.1.50119.0
  Thanks, Adam Ham

  Hi,
  Did you configure the Axis2 in Jdeveloper?
  Best Regards
  Sunny

• Securing Web Services with Access Manager

  Hello All
  I have installed the java_app_platform_sdk-5_04-windows.exe that comes with Acces Manager 7.1.
  I want to secure a webservice, so I have created a webapplication (with netbeans 6) with a webservice inside. I have also create a web client application that calls the webservice. The providers are configured in the server and I have enabled the soap security .
  When I use anonymous authentication everything works fine, but if I used any other security method the following exception arises:
  [#|2008-04-29T09:41:07.343+0200|SEVERE|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=21;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=1a997eb3-6287-41f4-a540-0b9c86841683;|AMServerAuthModule.validateRequest: Failed in Securing the Request.|#]
  [#|2008-04-29T09:41:07.375+0200|WARNING|sun-appserver9.1|javax.enterprise.system.stream.err|_ThreadID=21;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=1a997eb3-6287-41f4-a540-0b9c86841683;|java.lang.reflect.InvocationTargetException
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule.validateRequest(AMServerAuthModule.java:173)
       at com.sun.enterprise.security.jmac.config.GFServerConfigProvider$GFServerAuthContext.validateRequest(GFServerConfigProvider.java:1179)
       at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:168)
       at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
       at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
       at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
       at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
       at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
       at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
       at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
       at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
       at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
       at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
       at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:159)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
       at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:290)
       at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
       at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
       at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
       at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
       at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
  Caused by: com.sun.identity.wss.security.SecurityException: Unsupported security mechanism.
       at com.sun.identity.wss.security.handler.SOAPRequestHandler.validateRequest(SOAPRequestHandler.java:232)
       ... 46 more
  |#]
  [#|2008-04-29T09:41:07.390+0200|SEVERE|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=21;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=1a997eb3-6287-41f4-a540-0b9c86841683;|SEC2002: Container-auth: wss: Error validating request
  com.sun.enterprise.security.jauth.AuthException: Validating Request failed
       at com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule.validateRequest(AMServerAuthModule.java:188)
       at com.sun.enterprise.security.jmac.config.GFServerConfigProvider$GFServerAuthContext.validateRequest(GFServerConfigProvider.java:1179)
       at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:168)
       at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
       at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
       at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
       at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
       at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
       at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
       at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
       at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
       at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
       at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
       at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:159)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
       at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:290)
       at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
       at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
       at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
       at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
       at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
  Caused by: java.lang.reflect.InvocationTargetException
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule.validateRequest(AMServerAuthModule.java:173)
       ... 41 more
  Caused by: com.sun.identity.wss.security.SecurityException: Unsupported security mechanism.
       at com.sun.identity.wss.security.handler.SOAPRequestHandler.validateRequest(SOAPRequestHandler.java:232)
       ... 46 more
  |#]
  It�s says something about th security mechanism is not supported. But I don�t know why. �Any idea?
  Thank you

  Hello again,
  I am not using ssl. I am using the usernametoken or de saml-voucer mechanish and It happens in both. But with the anonymous mechanism doesnt happen.
  ...

• Get rid of tcp wrappers?

  Hi!
  I'm not sure this is the right forum, but I'll go with it anyways.
  The first thing I noticed when beginning to fill up my newly installed Arch linux with software was that most of the networkrelated packages was compiled with tcp wrappers (ssh for example, but several others aswell).
  I really don't like the usage of tcp wrappers. If I want security, I use iptables.
  Is there a way to get rid of the entire tcp wrappers thing and still use the packages, or do I have to compile everything on my own?
  Regards
  /Diddi

  Daenyth wrote:Click
  In other words, you'd have to recompile the packages.

• Delete Session in Services (Security Optimization Services)

  Hi,
  I've been trying to delete a session from the SAP Engagement and Services Delivery > Services. Service in question is the Security Optimization Services with the status completed. The session underneath it has the status Session is closed. After selecting the first service and pressing delete  I get the message Session not deleted. If I select the session underneath it the delete button is greyed out.
  Is there any way to delete this sessions?
  Also while trying to create a new session no new line(session) is created. The service does run and the Security Optimization Services rapport gets created only there is no new line on the session list.
  Solution Manager 7.1 sp08
  Thank you.
  Greetz,
  R.

  Hello,
  Firstly you need to figure out how these services were created in the first place.
  To delete sessions you can use the report RDSMOPREDUCEDATA.
  Important:
  For step 3 in the deletion report select: "ALL SESSION TYPES"
  For step 6: make sure that the checkbox is NOT select, so that you can
  get an overview of the sessions before the deletion is processed.
  Incase the Services were created but the corresponding sessions were not created corectly you would not be able to delete the services. The safest way in this case would be to open an Message with SAP for the cleanup.
  If you are an expert in Solution Manager then you can clean up by deleting the entries directly in the tabl DSMOPSERSESSION. However this is NOT an recommended way of doing it.
  If the report does not help then open an message with SAP. Safe and Sure way of getting rid of the sessions.
  Regards
  Amit

• Secure Web Services

  How can secure web services with SUN Access Manager or Jcaps? exist others forms?

  Error message says it all. Some security information is expected in the header of the request. Check out the web service documentation to get the details.

• How to enable TCP Wrappers with SMF services?

  I am using a site.xml file to enable/disable services during a Jumpstart configuration. This works great.
  However, I can't yet figure out how to configure the various properties of those services, such as enabling TCP Wrappers for a service. I can set the properties of a service and verify that they are set, but a "svccfg extract" does not capture that information.
  Is this a short coming of svccfg extract? Or are the properties of a service stored and configured elsewhere?

  That will work, as will any path underneath
  /var/svc/manifest.Got it working...Exported the inetd configuration, set tcp_wrappers to false, dropped inetd.xml into my jumpstart tree, jumped a box, and tcp_wrappers came up enabled by default for my inetd services!
  What is the difference between the /var/svcs/profile and /var/svcs manifest directory? Is profile for enabling/disabling services and manifest for service configuration?
  Does /var/svcs/profile/site.xml and /var/svcs/manifest/whatever.xml get read on every system boot? If not, what is the appropriate procedure to "reinitialize" smf if you want to change the existing behaviour by having it reread those files?
  Hmm. The defaults get written on the inetd serviceI believe, so exporting that would give you the
  fragment
  you want.It did, and I was able to accomplish what I needed to do.
  Sorry that it's such a slog in the meanwhile.Will there be something before FCS in a couple weeks?
  I can definetly see the managability and robustness of SMF. It's just going to take time to learn it, and documentation is needed for that.
  Thanks for all your help!

• How to define tcp wrappers for a new service in Solaris 10?

  Hi all, I need to setup tcp wrappers for a third-party software product with /etc/hosts.allow.
  I installed Trillium software on a new Solaris 10 server. It added this entry to /etc/inetd.conf:
  dscserv0_rel1300 stream tcp nowait tsadmin /usr/bin/env env -i HOME=/home/tsadmin LOGNAME=tsadmin /opt/trilv13/TrilliumSoftware/server/metabase/bin/mtb_server
  After the install, I ran inetconv and this new SMF service was created:
  *# svcs -a|grep dsc*
  online         13:22:57 svc:/network/dscserv0_rel1300/tcp:default
  Here's the problem: After this, all new connections were denied by default. I had to disable tcp wrappers with this command:
  inetadm -m svc:/network/dscserv0_rel1300/tcp:default tcp_wrappers=FALSE
  I would prefer to enable tcp wrappers, and put an entry into /etc/hosts.allow, but I can't figure out what service name to put into /etc/hosts.allow. I've read through the man pages but I can't identify the service name to use for this new service, and it won't accept the FMRI or an abbreviation of it either.
  How do I identify the service name to put into /etc/hosts.allow?

  At OS level, before entering Sql*Plus, do :
  $ EDITOR=vi; export EDITOR
  $ sqlplus ......
  Message was edited by:
  Paul M.
  Ciao Nicolas :-)

• SAML authentication Secure store service target ID Project server integration with excel service

  I installed and configured share Point 2013 Project server 2013, and Created web application Trusted Identity Provider (SAML 2.0) ,it is working as we expected means
  ..end user are able to access application(User Login through email and alies(account NAME) )
  My problem here CA is working NTLM authentication ,Web application is working SAML
  while creating service application(LIKE SSSA Excel Performance ... ( it automatically take NTLM) I CREATED TARGET ID in secure store service application ,I chooser "GROUPS" under SSSA,and
  we added members "group to account and email id.
  I configure Excel service application and i SSSA Target ID in this excel service application  also added trusted location for PWA site
  while opening excel sheet under Project server (An error occurred while accessing application id ProjectServerApplication from Secure
  Store Service. The following connections failed to refresh)
  I tried target ID choose option " Group Ticket" 
  Is it CA required for SAML authentication? .. (extend web application 
  How Service application like SSSA will work for SAML  authentication? 

  Hi SridharMandipudi, 
  as i know, usually when the error appear, you need to check the member.
  The domain group that was specified the Secure Store Service ID ProjectServerApplication did not have any members in the group. 
  and please also have a try in a testing secure store service application:
  Created new secure store service application with new target application ID. and added this ID in excel service application -----global settings----Application ID.
  went to Central admin---manage web application---selected web application ---click on Service Connection---associated newly created secure store service application.
  edited data connection string of excel file.
  went to site and tried refresh that excel file and able to refresh the file.
  Regards,
  Aries
  Microsoft Online Community Support
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• RPC/SOAP-Encoded Web Service with Workshop

  Is there anyway to create a RPC/SOAP-Encoded Web Service with Workshop ? There is an "encoding" attribute in the autotype ant task but no corresponding properties in Workshop.

  Hi,
  Thanks for the reference.
  I have checked both in the wsdl and the Soap message,
  rpc property effectively means rpc/encoded. Now that
  would say that RPC/Literal is not supported ?
  Here are what the messages looks like with rpc and
  document properties
  Thanks all for making this clear.
  document wlw property = Document/Literal
  <SOAP-ENV:Envelope xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <SOAP-ENV:Body SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  <ns:getEmployeeResponse xmlns:ns="http://www.openuri.org/">
  <ns:getEmployeeResult xmlns:ns="http://www.openuri.org/">
  <ns:Address xmlns:ns="http://www.openuri.org/">
  <ns:City xmlns:ns="http://www.openuri.org/">Luxembourg</ns:City>
  <ns:Country xmlns:ns="http://www.openuri.org/">LU</ns:Country>
  <ns:Number xmlns:ns="http://www.openuri.org/">2</ns:Number>
  <ns:PostCode xmlns:ns="http://www.openuri.org/">1000</ns:PostCode>
  <ns:Street xmlns:ns="http://www.openuri.org/">Bld. Royal</ns:Street>
  </ns:Address>
  <ns:Age xmlns:ns="http://www.openuri.org/">20</ns:Age>
  <ns:Name xmlns:ns="http://www.openuri.org/">Dupont</ns:Name>
  <ns:FirstNames xmlns:ns="http://www.openuri.org/">
  <ns:String xmlns:ns="http://www.openuri.org/">Jean</ns:String>
  <ns:String xmlns:ns="http://www.openuri.org/">Jacques</ns:String>
  </ns:FirstNames>
  </ns:getEmployeeResult>
  </ns:getEmployeeResponse>
  </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>
  rpc wlw property = RPC/Soap-Encoded
  <SOAP-ENV:Envelope xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <SOAP-ENV:Body SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  <ns:getEmployeeResponse xmlns:ns="http://www.openuri.org/">
  <getEmployeeResult xmlns:s="http://www.openuri.org/encodedTypes" xsi:type="s:Employee">
  <Address xsi:type="s:Address">
  <City xsi:type="xsd:string">Luxembourg</City>
  <Country xsi:type="xsd:string">LU</Country>
  <Number xsi:type="xsd:int">2</Number>
  <PostCode xsi:type="xsd:string">1000</PostCode>
  <Street xsi:type="xsd:string">Bld. Royal</Street>
  </Address>
  <Age xsi:type="xsd:int">20</Age>
  <Name xsi:type="xsd:string">Dupont</Name>
  <FirstNames SOAP-ENC:arrayType="xsd:string[2]" xsi:type="SOAP-ENC:Array">
  <String xsi:type="xsd:string">Jean</String>
  <String xsi:type="xsd:string">Jacques</String>
  </FirstNames>
  </getEmployeeResult>
  </ns:getEmployeeResponse>
  </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>
  Message was edited by phcollignon at Aug 27, 2004 2:54 AM

• Importing external web service with SSL certificate security

  Hello,
  I'm trying to import an external web service (that resides in another server, independent of ours). However, right after I enter the WSDL in the import window I get the following error in the NWDS:
  sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target      [Error: com.sap.ide.es.core.ui.internal.wizards.fragments  Thread[ModalContext,6,main]]
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
            at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
            at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
            at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
            at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
            at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
            at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
            at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.getURLAsStream(UrlValidationRunnable.java:137)
            at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.validate(UrlValidationRunnable.java:75)
            at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.run(UrlValidationRunnable.java:55)
            at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
  Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
            at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
            at sun.security.validator.Validator.validate(Validator.java:218)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
            ... 15 more
  Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
            at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
            ... 21 more
  Has anyone ever consumed an external web service with SSL certificate security? How do you import this in your Web Dynpro project?
  Cheers!

  Hi Alain,
  I just checked on a newer NW environment (NW 7.2) and was presented an empty list as well... It seems the mapping procedure I described is deprecated since NW 7.11, and the modeled CAF application service is already exposed as a web service.
  You may want to have a look at http://help.sap.com/saphelp_nwce711/helpdata/en/43/f173947bbb025be10000000a1553f7/content.htm or http://scn.sap.com/message/7852996 for more info